
Pests of all kinds and how to combat them: Was the computer infected by downloading a worm or not?

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

01.11.2011, 11:43   #16
Nenilix
 


Hi,
here is the scan result.

XXXXXX = my account name

Code:
OTL logfile created on: 01.11.2011 11:24:24 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXXXXX\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 80,88% Memory free
6,50 Gb Paging File | 5,48 Gb Available in Paging File | 84,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 9,78 Gb Free Space | 28,60% Space Free | Partition Type: NTFS
Drive D: | 39,07 Gb Total Space | 31,97 Gb Free Space | 81,83% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 97,40 Gb Free Space | 99,73% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 71,79 Gb Free Space | 73,51% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 97,53 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive H: | 97,66 Gb Total Space | 87,37 Gb Free Space | 89,47% Space Free | Partition Type: NTFS
Drive I: | 63,48 Gb Total Space | 30,90 Gb Free Space | 48,68% Space Free | Partition Type: NTFS
Drive J: | 68,79 Gb Total Space | 47,12 Gb Free Space | 68,49% Space Free | Partition Type: NTFS
Drive K: | 567,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XXXXXX-PC | User Name: XXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.30 18:37:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXX\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.26 23:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.01.26 23:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.01.26 18:00:16 | 000,284,672 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009.03.31 08:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008.03.10 08:58:18 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008.02.22 08:11:02 | 000,120,320 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.12 05:10:10 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\273292e88c7b60ecbae9d85e94cd097e\WindowsFormsIntegration.ni.dll
MOD - [2011.10.12 05:08:56 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011.10.12 04:57:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011.10.12 04:57:12 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011.10.12 04:57:01 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011.10.12 04:57:01 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.10.12 04:56:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.12 04:56:48 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.12 04:56:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.12 04:56:31 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.12 04:56:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.12 04:56:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.12 04:56:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.12 04:56:14 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.12 04:56:04 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.01.26 18:00:22 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.01.26 17:48:02 | 000,243,712 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.01.26 23:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.01.26 18:00:16 | 000,284,672 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.03 15:49:32 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011.10.03 15:49:32 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011.10.03 15:49:32 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.10.03 15:49:32 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.03.15 21:56:13 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.02.26 19:04:57 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.01.27 00:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.01.27 00:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.26 23:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 06:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.12.21 06:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.17 13:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.05.25 04:07:38 | 000,204,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.01.27 03:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.03.31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 59 4B 1E 23 E6 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: true
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}:1.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8888
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8888
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8888
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXXXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXXXXX\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\XXXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.05.31 16:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.05.31 16:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.05.31 16:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 21:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.25 19:34:24 | 000,000,000 | ---D | M]
 
[2011.02.26 19:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions
[2011.10.29 22:19:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions
[2011.02.26 20:05:31 | 000,000,000 | ---D | M] (Auto Copy) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2011.10.26 23:47:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.02.26 20:07:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.10.14 18:52:26 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.02.26 20:07:44 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2011.03.01 07:21:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.18 17:55:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.10.11 20:59:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\w109xuvd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.07.03 10:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.26 23:35:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 10:06:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.02.26 19:52:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.02.26 19:52:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
() (No name found) -- C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W109XUVD.DEFAULT\EXTENSIONS\{3E9A3920-1B27-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W109XUVD.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W109XUVD.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W109XUVD.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W109XUVD.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W109XUVD.DEFAULT\EXTENSIONS\FIREFOXADDON@SIMILARWEB.COM.XPI
[2011.09.30 21:00:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.30 21:00:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 21:00:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.30 21:00:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 21:00:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 21:00:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 21:00:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\XXXXXX\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\XXXXXX\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\XXXXXX\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmidas.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\XXXXXX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\XXXXXX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Friendly Gaming Simplifier = C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcaniaehcjkignnobkmdgacafghkplh\1.1.0.48_0\
CHR - Extension: FB Photo Zoom = C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: Ti\u00EBsto = C:\Users\XXXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
 
O1 HOSTS File: ([2011.10.31 22:37:19 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EAB692E-1F69-4D1C-A821-AE51960E5D14}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.05.04 11:40:53 | 000,000,058 | R--- | M] () - K:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{8a068c68-41ce-11e0-9403-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a068c68-41ce-11e0-9403-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Start\Start.exe -- [2003.10.08 22:35:02 | 000,441,856 | R--- | M] ()
O33 - MountPoints2\{b0459556-41f2-11e0-90fb-00241d250b39}\Shell - "" = AutoRun
O33 - MountPoints2\{b0459556-41f2-11e0-90fb-00241d250b39}\Shell\AutoRun\command - "" = M:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{855324FC-DC1E-42A9-80CB-9B6DC33BBC66} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.31 20:41:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.31 15:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.30 22:34:49 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software
[2011.10.30 22:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.10.30 22:34:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.10.30 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Malwarebytes
[2011.10.30 19:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.30 19:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.30 19:35:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.30 19:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.30 18:38:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXXX\Desktop\OTL.exe
[2011.10.29 21:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CVBot - Project DEVIL
[2011.10.29 21:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\CVBot - Project DEVIL
[2011.10.28 13:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011.10.02 12:20:35 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2011.10.02 12:20:35 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2011.10.02 12:20:35 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2011.10.02 12:20:35 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2011.10.02 12:20:35 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2011.10.02 12:20:35 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2011.10.02 12:20:35 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2011.10.02 12:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.10.02 12:19:09 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.01 11:12:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1585553797-2081959960-1909403373-1001UA.job
[2011.11.01 09:19:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.01 07:12:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1585553797-2081959960-1909403373-1001Core.job
[2011.10.31 22:45:50 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.31 22:45:50 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.31 22:42:52 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.31 22:42:52 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.31 22:42:52 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.31 22:42:52 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.31 22:38:13 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.31 22:37:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.10.30 19:55:31 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\defogger_reenable
[2011.10.30 19:35:45 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.30 18:49:37 | 000,050,477 | ---- | M] () -- C:\Users\XXXXXX\Desktop\Defogger.exe
[2011.10.30 18:37:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXX\Desktop\OTL.exe
[2011.10.30 13:05:05 | 000,000,127 | ---- | M] () -- C:\options.ini
[2011.10.28 13:18:16 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011.10.19 12:52:49 | 000,003,947 | ---- | M] () -- C:\Users\XXXXXX\.recently-used.xbel
[2011.10.12 04:55:08 | 000,270,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.10.30 19:55:31 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\defogger_reenable
[2011.10.30 19:35:45 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.30 19:32:14 | 000,302,592 | ---- | C] () -- C:\Users\XXXXXX\Desktop\gmer.exe
[2011.10.30 18:53:33 | 000,050,477 | ---- | C] () -- C:\Users\XXXXXX\Desktop\Defogger.exe
[2011.10.29 22:42:36 | 000,000,127 | ---- | C] () -- C:\options.ini
[2011.10.28 13:12:02 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011.10.19 12:52:49 | 000,003,947 | ---- | C] () -- C:\Users\XXXXXX\.recently-used.xbel
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.06.23 13:44:08 | 000,000,017 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\resmon.resmoncfg
[2011.04.29 19:10:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.04.29 19:10:02 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.23 21:38:00 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.02.26 23:13:58 | 004,178,264 | ---- | C] () -- C:\Windows\System32\!D3DX9_41.dll
[2011.02.26 23:13:58 | 001,846,632 | ---- | C] () -- C:\Windows\System32\D3DCompiler_41.dll
[2011.02.26 23:13:58 | 000,453,456 | ---- | C] () -- C:\Windows\System32\!d3dx10_41.dll
[2011.02.26 23:13:57 | 004,379,984 | ---- | C] () -- C:\Windows\System32\D3DX9_40.dll
[2011.02.26 23:13:57 | 002,036,576 | ---- | C] () -- C:\Windows\System32\D3DCompiler_40.dll
[2011.02.26 23:13:57 | 000,452,440 | ---- | C] () -- C:\Windows\System32\d3dx10_40.dll
[2011.02.26 23:13:57 | 000,022,360 | ---- | C] () -- C:\Windows\System32\!X3DAudio1_6.dll
[2011.02.26 23:13:56 | 003,851,784 | ---- | C] () -- C:\Windows\System32\D3DX9_39.dll
[2011.02.26 23:13:56 | 003,850,760 | ---- | C] () -- C:\Windows\System32\D3DX9_38.dll
[2011.02.26 23:13:56 | 001,493,528 | ---- | C] () -- C:\Windows\System32\D3DCompiler_39.dll
[2011.02.26 23:13:56 | 001,491,992 | ---- | C] () -- C:\Windows\System32\D3DCompiler_38.dll
[2011.02.26 23:13:56 | 000,467,984 | ---- | C] () -- C:\Windows\System32\d3dx10_39.dll
[2011.02.26 23:13:56 | 000,467,984 | ---- | C] () -- C:\Windows\System32\d3dx10_38.dll
[2011.02.26 23:13:56 | 000,065,032 | ---- | C] () -- C:\Windows\System32\XAPOFX1_0.dll
[2011.02.26 23:13:56 | 000,025,608 | ---- | C] () -- C:\Windows\System32\X3DAudio1_4.dll
[2011.02.26 23:13:55 | 003,786,760 | ---- | C] () -- C:\Windows\System32\D3DX9_37.dll
[2011.02.26 23:13:55 | 001,420,824 | ---- | C] () -- C:\Windows\System32\D3DCompiler_37.dll
[2011.02.26 23:13:55 | 000,462,864 | ---- | C] () -- C:\Windows\System32\d3dx10_37.dll
[2011.02.26 23:13:55 | 000,025,608 | ---- | C] () -- C:\Windows\System32\X3DAudio1_3.dll
[2011.02.26 23:13:54 | 003,734,536 | ---- | C] () -- C:\Windows\System32\d3dx9_36.dll
[2011.02.26 23:13:54 | 003,727,720 | ---- | C] () -- C:\Windows\System32\d3dx9_35.dll
[2011.02.26 23:13:54 | 001,374,232 | ---- | C] () -- C:\Windows\System32\D3DCompiler_36.dll
[2011.02.26 23:13:54 | 001,358,192 | ---- | C] () -- C:\Windows\System32\D3DCompiler_35.dll
[2011.02.26 23:13:54 | 001,124,720 | ---- | C] () -- C:\Windows\System32\D3DCompiler_34.dll
[2011.02.26 23:13:54 | 000,444,776 | ---- | C] () -- C:\Windows\System32\d3dx10_36.dll
[2011.02.26 23:13:54 | 000,444,776 | ---- | C] () -- C:\Windows\System32\d3dx10_35.dll
[2011.02.26 23:13:54 | 000,443,752 | ---- | C] () -- C:\Windows\System32\d3dx10_34.dll
[2011.02.26 23:13:53 | 003,497,832 | ---- | C] () -- C:\Windows\System32\d3dx9_34.dll
[2011.02.26 23:13:53 | 003,495,784 | ---- | C] () -- C:\Windows\System32\d3dx9_33.dll
[2011.02.26 23:13:53 | 003,426,072 | ---- | C] () -- C:\Windows\System32\d3dx9_32.dll
[2011.02.26 23:13:53 | 002,414,360 | ---- | C] () -- C:\Windows\System32\d3dx9_31.dll
[2011.02.26 23:13:53 | 001,123,696 | ---- | C] () -- C:\Windows\System32\D3DCompiler_33.dll
[2011.02.26 23:13:53 | 000,443,752 | ---- | C] () -- C:\Windows\System32\d3dx10_33.dll
[2011.02.26 23:13:53 | 000,081,768 | ---- | C] () -- C:\Windows\System32\!xinput1_3.dll
[2011.02.26 19:45:52 | 000,000,206 | ---- | C] () -- C:\Windows\wininit.ini
[2011.02.26 19:05:24 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.02.26 19:05:24 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.02.26 18:43:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.12.17 17:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.07.14 09:47:43 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,270,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,938 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,870 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2011.03.22 17:16:29 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\AnvSoft
[2011.02.26 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Canneverbe Limited
[2011.03.25 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Charles
[2011.09.23 19:07:25 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoft
[2011.03.01 07:21:48 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.24 17:08:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Foxit Software
[2011.10.19 12:52:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\gtk-2.0
[2011.07.31 21:12:51 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Jens Lorek
[2011.06.21 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Mp3tag
[2011.04.29 21:59:29 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\PC Suite
[2011.06.16 18:10:46 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\RavensburgerTipToi
[2011.10.02 12:18:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Samsung
[2011.03.22 10:00:38 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TrueCrypt
[2011.06.14 13:08:41 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TubeBox
[2011.10.30 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software
[2011.09.20 04:20:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.21 12:38:08 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Adobe
[2011.03.22 17:16:29 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\AnvSoft
[2011.02.26 19:52:48 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\ATI
[2011.02.26 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Canneverbe Limited
[2011.03.25 17:23:43 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Charles
[2011.03.22 17:17:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\dvdcss
[2011.09.23 19:07:25 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoft
[2011.03.01 07:21:48 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.26 22:28:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\FastStone
[2011.03.24 17:08:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Foxit Software
[2011.10.19 12:52:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\gtk-2.0
[2011.02.26 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Identities
[2011.07.31 21:12:51 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Jens Lorek
[2011.02.26 19:30:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Macromedia
[2011.10.30 19:35:57 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Media Center Programs
[2011.06.14 13:08:31 | 000,000,000 | --SD | M] -- C:\Users\XXXXXX\AppData\Roaming\Microsoft
[2011.02.26 19:29:30 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Mozilla
[2011.06.21 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Mp3tag
[2011.04.29 21:59:29 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\PC Suite
[2011.06.16 18:10:46 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\RavensburgerTipToi
[2011.10.02 12:18:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Samsung
[2011.03.22 10:00:38 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TrueCrypt
[2011.06.14 13:08:41 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TubeBox
[2011.10.30 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software
[2011.06.07 19:37:41 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\vlc
[2011.03.15 18:12:00 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Winamp
[2011.03.14 19:12:11 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.20 19:25:15 | 000,038,784 | ---- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.31 21:11:48 | 000,034,494 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{15C82F5E-6EA9-44FE-A0FC-B6D08A684037}\_6FEFF9B68218417F98F549.exe
[2011.08.09 20:00:49 | 000,010,134 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_0F341F58BFBE20EFADEE80.exe
[2011.08.09 20:00:49 | 000,355,574 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_4D80B784D15D49ECBF5A0B.exe
[2011.08.09 20:00:49 | 000,034,494 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_6FEFF9B68218417F98F549.exe
[2011.08.09 20:00:49 | 000,080,992 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_72A5724C31215BEBBACE39.exe
[2011.08.09 20:00:49 | 000,355,574 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}\_748E2FBA50E030F9090CC4.exe
[2011.06.14 13:09:24 | 000,034,494 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{7223945A-F037-4AE1-92F9-BA8304F0E21A}\_6FEFF9B68218417F98F549.exe
[2011.06.14 13:08:31 | 000,034,494 | R--- | M] () -- C:\Users\XXXXXX\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.04.29 21:35:15 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\XXXXXX\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 04:21:34 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2011.02.26 19:04:57 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.01.26 23:56:30 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2010.10.05 20:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll

< End of report >
         

01.11.2011, 13:09   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl-start.computerbild.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 59 4B 1E 23 E6 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
F - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: true
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8888
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8888
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8888
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8888
FF - prefs.js..network.proxy.type: 0
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.05.04 11:40:53 | 000,000,058 | R--- | M] () - K:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{8a068c68-41ce-11e0-9403-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a068c68-41ce-11e0-9403-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Start\Start.exe -- [2003.10.08 22:35:02 | 000,441,856 | R--- | M] ()
O33 - MountPoints2\{b0459556-41f2-11e0-90fb-00241d250b39}\Shell - "" = AutoRun
O33 - MountPoints2\{b0459556-41f2-11e0-90fb-00241d250b39}\Shell\AutoRun\command - "" = M:\setup.exe
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

01.11.2011, 15:15   #18
Nenilix

I ran the OTL fix, but once again the log file did not open automatically.
The computer was restarted, and this log file only appeared after I started OTL again.
Is that normal?

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Programme\Mozilla Firefox\plugins\npmidas.dll moved successfully.
C:\Programme\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. K:\AutoRun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a068c68-41ce-11e0-9403-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a068c68-41ce-11e0-9403-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a068c68-41ce-11e0-9403-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a068c68-41ce-11e0-9403-806e6f6e6963}\ not found.
File move failed. K:\Start\Start.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0459556-41f2-11e0-90fb-00241d250b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0459556-41f2-11e0-90fb-00241d250b39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0459556-41f2-11e0-90fb-00241d250b39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0459556-41f2-11e0-90fb-00241d250b39}\ not found.
File M:\setup.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WinampAgent\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: XXXXXX
-> No Temporary Internet Files cache folder defined!
 
User: XXXXXX_Admin
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57156 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11012011_150542

Files\Folders moved on Reboot...
File move failed. K:\AutoRun.inf scheduled to be moved on reboot.
File move failed. K:\Start\Start.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
__________________

Last edited by Nenilix (01.11.2011 at 15:58)

01.11.2011, 15:46   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click Change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

01.11.2011, 15:57   #20
Nenilix

Here is the log file from TDSS-Killer

Code:
15:54:58.0376 3156	TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
15:54:58.0516 3156	============================================================
15:54:58.0516 3156	Current date / time: 2011/11/01 15:54:58.0516
15:54:58.0516 3156	SystemInfo:
15:54:58.0516 3156	
15:54:58.0516 3156	OS Version: 6.1.7601 ServicePack: 1.0
15:54:58.0516 3156	Product type: Workstation
15:54:58.0516 3156	ComputerName: XXXXXX-PC
15:54:58.0516 3156	UserName: XXXXXX_Admin
15:54:58.0516 3156	Windows directory: C:\Windows
15:54:58.0516 3156	System windows directory: C:\Windows
15:54:58.0516 3156	Processor architecture: Intel x86
15:54:58.0516 3156	Number of processors: 3
15:54:58.0516 3156	Page size: 0x1000
15:54:58.0516 3156	Boot type: Normal boot
15:54:58.0516 3156	============================================================
15:54:59.0577 3156	Initialize success
15:55:27.0288 4100	============================================================
15:55:27.0288 4100	Scan started
15:55:27.0288 4100	Mode: Manual; SigCheck; TDLFS; 
15:55:27.0288 4100	============================================================
15:55:28.0801 4100	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:55:28.0910 4100	1394ohci - ok
15:55:28.0941 4100	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:55:28.0957 4100	ACPI - ok
15:55:28.0988 4100	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:55:29.0019 4100	AcpiPmi - ok
15:55:29.0050 4100	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:55:29.0082 4100	adp94xx - ok
15:55:29.0097 4100	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:55:29.0128 4100	adpahci - ok
15:55:29.0144 4100	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:55:29.0160 4100	adpu320 - ok
15:55:29.0191 4100	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:55:29.0238 4100	AFD - ok
15:55:29.0253 4100	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:55:29.0269 4100	agp440 - ok
15:55:29.0269 4100	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:55:29.0284 4100	aic78xx - ok
15:55:29.0316 4100	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:55:29.0316 4100	aliide - ok
15:55:29.0362 4100	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:55:29.0362 4100	amdagp - ok
15:55:29.0378 4100	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:55:29.0394 4100	amdide - ok
15:55:29.0425 4100	amdiox86        (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
15:55:29.0472 4100	amdiox86 - ok
15:55:29.0487 4100	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:55:29.0518 4100	AmdK8 - ok
15:55:29.0674 4100	amdkmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
15:55:29.0893 4100	amdkmdag - ok
15:55:29.0924 4100	amdkmdap        (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
15:55:29.0940 4100	amdkmdap - ok
15:55:29.0971 4100	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:55:30.0002 4100	AmdPPM - ok
15:55:30.0033 4100	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:55:30.0064 4100	amdsata - ok
15:55:30.0096 4100	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:55:30.0096 4100	amdsbs - ok
15:55:30.0111 4100	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:55:30.0127 4100	amdxata - ok
15:55:30.0158 4100	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:55:30.0252 4100	AppID - ok
15:55:30.0267 4100	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:55:30.0267 4100	arc - ok
15:55:30.0283 4100	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:55:30.0298 4100	arcsas - ok
15:55:30.0330 4100	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:30.0423 4100	AsyncMac - ok
15:55:30.0439 4100	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:55:30.0454 4100	atapi - ok
15:55:30.0501 4100	AtiHDAudioService (95b1e9804ca10d096c0383f7c6684950) C:\Windows\system32\drivers\AtihdW73.sys
15:55:30.0517 4100	AtiHDAudioService - ok
15:55:30.0720 4100	atikmdag        (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
15:55:30.0798 4100	atikmdag - ok
15:55:30.0907 4100	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:55:30.0969 4100	b06bdrv - ok
15:55:31.0000 4100	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:55:31.0032 4100	b57nd60x - ok
15:55:31.0047 4100	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:55:31.0078 4100	Beep - ok
15:55:31.0094 4100	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:55:31.0110 4100	blbdrive - ok
15:55:31.0141 4100	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:55:31.0156 4100	bowser - ok
15:55:31.0172 4100	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:55:31.0203 4100	BrFiltLo - ok
15:55:31.0219 4100	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:55:31.0250 4100	BrFiltUp - ok
15:55:31.0266 4100	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:55:31.0281 4100	Brserid - ok
15:55:31.0297 4100	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:55:31.0312 4100	BrSerWdm - ok
15:55:31.0328 4100	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:55:31.0344 4100	BrUsbMdm - ok
15:55:31.0359 4100	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:55:31.0375 4100	BrUsbSer - ok
15:55:31.0390 4100	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:55:31.0406 4100	BTHMODEM - ok
15:55:31.0437 4100	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:55:31.0468 4100	cdfs - ok
15:55:31.0500 4100	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
15:55:31.0546 4100	cdrom - ok
15:55:31.0562 4100	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:55:31.0578 4100	circlass - ok
15:55:31.0609 4100	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:55:31.0624 4100	CLFS - ok
15:55:31.0671 4100	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:55:31.0702 4100	CmBatt - ok
15:55:31.0702 4100	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:55:31.0718 4100	cmdide - ok
15:55:31.0749 4100	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:55:31.0765 4100	CNG - ok
15:55:31.0780 4100	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:55:31.0796 4100	Compbatt - ok
15:55:31.0812 4100	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:55:31.0827 4100	CompositeBus - ok
15:55:31.0890 4100	cpuz130 - ok
15:55:31.0905 4100	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:55:31.0936 4100	crcdisk - ok
15:55:31.0968 4100	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:55:31.0999 4100	DfsC - ok
15:55:32.0014 4100	dgderdrv - ok
15:55:32.0030 4100	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:55:32.0061 4100	discache - ok
15:55:32.0092 4100	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:55:32.0092 4100	Disk - ok
15:55:32.0124 4100	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:55:32.0139 4100	drmkaud - ok
15:55:32.0186 4100	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:55:32.0233 4100	DXGKrnl - ok
15:55:32.0326 4100	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:55:32.0451 4100	ebdrv - ok
15:55:32.0482 4100	ElbyCDIO        (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:55:32.0498 4100	ElbyCDIO - ok
15:55:32.0514 4100	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:55:32.0529 4100	elxstor - ok
15:55:32.0560 4100	ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
15:55:32.0576 4100	ENTECH - ok
15:55:32.0592 4100	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:55:32.0607 4100	ErrDev - ok
15:55:32.0623 4100	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:55:32.0670 4100	exfat - ok
15:55:32.0685 4100	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:55:32.0716 4100	fastfat - ok
15:55:32.0732 4100	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:55:32.0748 4100	fdc - ok
15:55:32.0763 4100	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:55:32.0779 4100	FileInfo - ok
15:55:32.0794 4100	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:55:32.0826 4100	Filetrace - ok
15:55:32.0841 4100	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:55:32.0857 4100	flpydisk - ok
15:55:32.0872 4100	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:55:32.0888 4100	FltMgr - ok
15:55:32.0904 4100	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:55:32.0904 4100	FsDepends - ok
15:55:32.0966 4100	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
15:55:32.0997 4100	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
15:55:32.0997 4100	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
15:55:33.0028 4100	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:55:33.0044 4100	Fs_Rec - ok
15:55:33.0075 4100	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:55:33.0106 4100	fvevol - ok
15:55:33.0122 4100	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:55:33.0122 4100	gagp30kx - ok
15:55:33.0138 4100	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:55:33.0153 4100	hcw85cir - ok
15:55:33.0184 4100	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:55:33.0231 4100	HdAudAddService - ok
15:55:33.0262 4100	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:55:33.0294 4100	HDAudBus - ok
15:55:33.0309 4100	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:55:33.0340 4100	HidBatt - ok
15:55:33.0356 4100	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:55:33.0372 4100	HidBth - ok
15:55:33.0387 4100	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:55:33.0403 4100	HidIr - ok
15:55:33.0434 4100	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:55:33.0434 4100	HidUsb - ok
15:55:33.0496 4100	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:55:33.0528 4100	HpSAMD - ok
15:55:33.0730 4100	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:55:33.0777 4100	HTTP - ok
15:55:33.0793 4100	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:55:33.0808 4100	hwpolicy - ok
15:55:33.0824 4100	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:55:33.0840 4100	i8042prt - ok
15:55:33.0871 4100	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:55:33.0886 4100	iaStorV - ok
15:55:33.0933 4100	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:55:33.0964 4100	iirsp - ok
15:55:34.0074 4100	IntcAzAudAddService (da6ee479071883d263e75be7a67a70b8) C:\Windows\system32\drivers\RTKVHDA.sys
15:55:34.0167 4100	IntcAzAudAddService - ok
15:55:34.0183 4100	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:55:34.0198 4100	intelide - ok
15:55:34.0214 4100	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:55:34.0230 4100	intelppm - ok
15:55:42.0544 4100	============================================================
15:55:42.0544 4100	Scan finished
15:55:42.0544 4100	============================================================
15:55:42.0560 3880	Detected object count: 1
15:55:42.0560 3880	Actual detected object count: 1
15:55:56.0616 3880	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:56.0616 3880	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 01.11.2011, 15:58   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial for using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Alt 01.11.2011, 16:16   #22
Nenilix
 

Here is the ComboFix log file

Code:
ATTFilter
ComboFix 11-11-01.03 - XXXXXX_Admin 01.11.2011  16:05:09.1.3 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.2626 [GMT 1:00]
ausgeführt von:: c:\users\XXXXXX\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-01 bis 2011-11-01  ))))))))))))))))))))))))))))))
.
.
2011-11-01 15:09 . 2011-11-01 15:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-01 14:09 . 2011-11-01 14:09	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{564AF2D4-A041-4941-A7AD-EA4B6EBB70DF}\offreg.dll
2011-11-01 06:11 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{564AF2D4-A041-4941-A7AD-EA4B6EBB70DF}\mpengine.dll
2011-10-31 19:41 . 2011-10-31 19:41	--------	d-----w-	C:\_OTL
2011-10-31 14:11 . 2011-10-31 14:11	--------	d-----w-	c:\program files\ESET
2011-10-30 23:29 . 2011-10-30 23:29	--------	d-----w-	c:\users\XXXXXX_Admin
2011-10-30 21:34 . 2011-10-30 21:34	--------	d-----w-	c:\users\XXXXXX\AppData\Roaming\TuneUp Software
2011-10-30 21:34 . 2011-10-30 21:39	--------	d-----w-	c:\programdata\TuneUp Software
2011-10-30 21:34 . 2011-10-30 21:34	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-10-30 18:35 . 2011-10-30 18:35	--------	d-----w-	c:\users\XXXXXX\AppData\Roaming\Malwarebytes
2011-10-30 18:35 . 2011-10-30 18:35	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-30 18:35 . 2011-10-30 18:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-30 18:35 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-29 20:55 . 2011-10-29 20:56	--------	d-----w-	c:\program files\CVBot - Project DEVIL
2011-10-28 12:12 . 2011-10-03 14:49	158512	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2011-10-28 12:11 . 2011-10-03 14:49	91440	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2011-10-12 03:24 . 2011-08-17 04:24	465408	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-12 03:24 . 2011-08-17 04:19	75776	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-12 03:24 . 2011-08-27 04:26	571904	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 03:24 . 2011-08-27 04:26	233472	----a-w-	c:\windows\system32\oleacc.dll
2011-10-12 03:24 . 2011-09-06 02:28	2334720	----a-w-	c:\windows\system32\win32k.sys
2011-10-03 14:49 . 2011-10-03 14:49	135472	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2011-10-03 14:49 . 2011-10-03 14:49	116016	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2011-10-03 14:49 . 2011-10-03 14:49	104752	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 03:27 . 2011-05-16 15:48	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-16 09:55 . 2011-05-06 17:09	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-09-16 09:54 . 2011-09-16 09:54	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-09-16 09:54 . 2011-09-16 09:54	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-09-16 09:54 . 2011-09-16 09:54	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-09-16 09:54 . 2011-10-02 11:19	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-09-30 20:00 . 2011-06-25 22:20	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-02 9808488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 cpuz130;cpuz130;c:\users\XXXXXX\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-10-03 104752]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-10-03 158512]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-10-03 91440]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 284672]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-10-03 116016]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 46170631
*Deregistered* - 46170631
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1585553797-2081959960-1909403373-1001Core.job
- c:\users\XXXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 07:46]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1585553797-2081959960-1909403373-1001UA.job
- c:\users\XXXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 07:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Samsung Mobile phone USB driver Drive - c:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-01  16:11:40
ComboFix-quarantined-files.txt  2011-11-01 15:11
.
Vor Suchlauf: 11 Verzeichnis(se), 10.159.247.360 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 11.708.940.288 Bytes frei
.
- - End Of File - - C4D248FAC1F75D354DDEDB4A78479DDF
         

XXXXXX again stands for the user name

Alt 01.11.2011, 16:44   #23
Nenilix
 

Now that I have run the ComboFix tool, the Action Center reports a security problem with the Internet security settings.
It looks like it concerns the "Restricted sites" security zone.
The options offered are to reset the settings manually or automatically.

Now a quick question: is the message still OK for the moment and will it be resolved by one of the next steps, or should I have the settings reset using the automatic mode?

Alt 01.11.2011, 20:22   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Was Windows restarted after CF?
__________________
Please always post logfiles in CODE tags

Alt 01.11.2011, 20:32   #25
Nenilix
 

No. (I did that myself later on. The message remained, though.)

However, I was suddenly in the "wrong" user account.
I started the tool under my restricted account (but with admin rights).
After the tool had finished, I was suddenly logged in with the admin account.
All of this happened without any action on my part.

Alt 01.11.2011, 21:24   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to do so

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.


Alt 01.11.2011, 23:31   #27
Nenilix
 

Hi,
I have run the three scans.

Here are the results:

Gmer
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-01 22:43:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD6400AAKS-00A7B0 rev.01.03B01
Running: pu0sioeq.exe; Driver: C:\Users\XXXXXX_~1\AppData\Local\Temp\kglorpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0x8C764DAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcConnectPort [0x8C766FE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcCreatePort [0x8C767262]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcSendWaitReceivePort [0x8C7674D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwClose [0x8C7656BE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwConnectPort [0x8C7664F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateEvent [0x8C766A3C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateFile [0x8C76599A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateMutant [0x8C766922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0x8C764998]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreatePort [0x8C7667F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSection [0x8C764B40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSemaphore [0x8C766B5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThread [0x8C765344]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThreadEx [0x8C765442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateUserProcess [0x8C767722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0x8C76688C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0x8C76824A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0x8C765E1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDuplicateObject [0x8C769458]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwFsControlFile [0x8C765C2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwLoadDriver [0x8C76833C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwMapViewOfSection [0x8C768AA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenEvent [0x8C766AD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenFile [0x8C765740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenMutant [0x8C7669B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenProcess [0x8C764FE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSection [0x8C76883E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSemaphore [0x8C766BF2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenThread [0x8C764ED8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueryDirectoryObject [0x8C7677DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQuerySection [0x8C768DDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueueApcThread [0x8C7686D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplaceKey [0x8C763652]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyPort [0x8C766F56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0x8C766E1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0x8C767FE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRestoreKey [0x8C7639CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwResumeThread [0x8C7692FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSaveKey [0x8C7635EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSecureConnectPort [0x8C766238]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetContextThread [0x8C765560]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetInformationToken [0x8C76787E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSecurityObject [0x8C7684DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSystemInformation [0x8C768F2E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendProcess [0x8C769020]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendThread [0x8C76915A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSystemDebugControl [0x8C76816E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateProcess [0x8C76518E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateThread [0x8C7650E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0x8C768C82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0x8C76527A]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                         8324E349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                83287D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                   8328ED8C 4 Bytes  [AA, 4D, 76, 8C] {STOSB ; DEC EBP; JBE 0xffffffffffffff90}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                   8328EDB4 8 Bytes  CALL E5B56428 
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                   8328EDF8 4 Bytes  [D8, 74, 76, 8C] {FDIV DWORD [ESI+ESI*2-0x74]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                   8328EE24 4 Bytes  [BE, 56, 76, 8C]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                   8328EE48 4 Bytes  [F2, 64, 76, 8C]
.text           ...                                                                                   
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                              section is writeable [0x92E20000, 0x37D761, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \FileSystem\fastfat \Fat                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         


OSAM

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:46:39 on 01.11.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1585553797-2081959960-1909403373-1001Core.job" - "Google Inc." - C:\Users\xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1585553797-2081959960-1909403373-1001UA.job" - "Google Inc." - C:\Users\xxxxxx\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\xxxxxx_~1\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz130" (cpuz130) - ? - C:\Users\xxxxxx\AppData\Local\Temp\cpuz130\cpuz_x32.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\Windows\system32\DRIVERS\ENTECH.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"kglorpow" (kglorpow) - ? - C:\Users\xxxxxx_~1\AppData\Local\Temp\kglorpow.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NetGroup Packet Filter Driver" (npf) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxxxx_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATICustomerCare" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
"AMD Reservation Manager" (AMD Reservation Manager) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\Windows\system32\klogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         


aswMBR
Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 22:55:36
-----------------------------
22:55:36.967    OS Version: Windows 6.1.7601 Service Pack 1
22:55:36.967    Number of processors: 3 586 0x402
22:55:36.967    ComputerName: xxxxxx-PC  UserName: 
22:55:37.419    Initialize success
22:57:22.587    AVAST engine defs: 11110103
22:58:08.462    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6
22:58:08.478    Disk 0 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610479MB BusType: 3
22:58:10.537    Disk 0 MBR read successfully
22:58:10.553    Disk 0 MBR scan
22:58:10.568    Disk 0 Windows 7 default MBR code
22:58:10.568    Disk 0 scanning sectors +1250258625
22:58:10.787    Disk 0 scanning C:\Windows\system32\drivers
22:58:43.141    Service scanning
22:58:43.609    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:58:43.609    Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
22:58:43.609    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:58:43.625    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:58:44.249    Modules scanning
22:59:01.019    Disk 0 trace - called modules:
22:59:01.050    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
22:59:01.066    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b5cac8]
22:59:01.066    3 CLASSPNP.SYS[8cfa759e] -> nt!IofCallDriver -> [0x86687790]
22:59:01.081    5 ACPI.sys[8c1a33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-6[0x86683908]
22:59:02.173    AVAST engine scan C:\Windows
22:59:07.711    AVAST engine scan C:\Windows\system32
23:05:34.810    AVAST engine scan C:\Windows\system32\drivers
23:05:48.101    AVAST engine scan C:\Users\xxxxxx_Admin
23:06:19.504    AVAST engine scan C:\ProgramData
23:20:29.051    Scan finished successfully
23:21:30.624    Disk 0 MBR has been saved successfully to "C:\Users\xxxxxx\Desktop\MBR.dat"
23:21:30.624    The log file has been saved successfully to "C:\Users\xxxxxx\Desktop\aswMBR.txt"
         

xxxxxx = UserName



FYI: the Service Center warning unfortunately still persists.

Last edited by Nenilix (01.11.2011 at 23:40)

02.11.2011, 09:44   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

02.11.2011, 16:21   #29
Nenilix
 

Hi,
here are the three logs.

Malwarebytes

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8068

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

02.11.2011 12:27:27
mbam-log-2011-11-02 (12-27-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 292129
Laufzeit: 22 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

SASW

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/02/2011 at 01:18 PM

Application Version : 5.0.1134

Core Rules Database Version : 7885
Trace Rules Database Version: 5697

Scan type       : Complete Scan
Total Scan Time : 00:42:20

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 614
Memory threats detected   : 0
Registry items scanned    : 38700
Registry threats detected : 0
File items scanned        : 124249
File threats detected     : 679

Adware.Tracking Cookie
	.snapfish.112.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.en.profilbanner.me [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.en.profilbanner.me [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.msnportal.112.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	media.gan-online.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserver.fck.onvert.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.macromedia-fachhochschule.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.macromedia-fachhochschule.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediafire.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.vodafonegroup.122.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.de.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.de.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.de.partypoker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	keyword-advertising.web.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mm.chitika.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserv.kwick.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserv.kwick.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6aekigmajkaq.stats.esomniture.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	s2.trafficmaxx.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.internet-yadro.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.yadro.ru [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tns-counter.ru [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.rambler.ru [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.banner.kiev.ua [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.kaspersky.122.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.server.cpmstar.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.server.cpmstar.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymedia.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.kontera.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.premiumtv.122.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	zbox.zanox.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lucidmedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.adserver01.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.aim4media.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.adnet.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.www.burstnet.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	partners.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ec-track.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fl01.ct2.comclick.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fl01.ct2.comclick.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.dyntracker.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	de.sitestat.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.dyntracker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.olympiaverlag.122.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mmotraffic.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wmliaicjilp.stats.esomniture.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	bmuk.burstnet.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	bmuk.burstnet.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.sim-technik.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas4.emediate.eu [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.edge.download.newmedia.nacamar.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.edge.download.newmedia.nacamar.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.adxvalue.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.effiliation.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adx.chip.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adx.chip.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mmotraffic.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.112.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.zanox-affiliate.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.gameforge.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserver.sevenload.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	statse.webtrendslive.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.server.cpmstar.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.server.cpmstar.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.server.cpmstar.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.stepstone.112.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.quartermedia.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox-affiliate.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	studivz.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	studivz.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.googleadservices.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediafire.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediafire.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	count.asnetworks.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.burstnet.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	banner.electronic-arts.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.c.atdmt.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traffictrack.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tto2.traffictrack.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad1.dyntracker.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad3.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tribalfusion.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymedia.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.unitymedia.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	media.gan-online.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	server.iad.liveperson.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.adform.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adform.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad4.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adviva.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	track.webtrekk.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.webmasterplan.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tradedoubler.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.im.banner.t-online.de [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\XXXXXX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@CONTENT.YIELDMANAGER[3].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADXPOSE[1].TXT [ /ADXPOSE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@CONTENT.YIELDMANAGER[4].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@VODAFONEGROUP.122.2O7[1].TXT [ /VODAFONEGROUP.122.2O7 ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TRADEDOUBLER[3].TXT [ /TRADEDOUBLER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@AD.ZANOX[4].TXT [ /AD.ZANOX ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADSRV.ADMEDIATE[1].TXT [ /ADSRV.ADMEDIATE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TACODA.AT.ATWOLA[4].TXT [ /TACODA.AT.ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TRACK.EFFILIATION[5].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TRACK.EFFILIATION[7].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@INVITEMEDIA[3].TXT [ /INVITEMEDIA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@AD.YIELDMANAGER[4].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADXPOSE[2].TXT [ /ADXPOSE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADXPOSE[3].TXT [ /ADXPOSE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@IMRWORLDWIDE[3].TXT [ /IMRWORLDWIDE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TRACK.EFFILIATION[4].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADVERTISING[4].TXT [ /ADVERTISING ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@INVITEMEDIA[2].TXT [ /INVITEMEDIA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TRACK.EFFILIATION[8].TXT [ /TRACK.EFFILIATION ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@AT.ATWOLA[3].TXT [ /AT.ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TACODA.AT.ATWOLA[3].TXT [ /TACODA.AT.ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADSRV.ADMEDIATE[2].TXT [ /ADSRV.ADMEDIATE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ATWOLA[4].TXT [ /ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ROTATOR.ADJUGGLER[3].TXT [ /ROTATOR.ADJUGGLER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@WWW.ACTIVE-TRACKING[1].TXT [ /WWW.ACTIVE-TRACKING ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ATDMT[1].TXT [ /ATDMT ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@TACODA.AT.ATWOLA[2].TXT [ /TACODA.AT.ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ATWOLA[2].TXT [ /ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ATDMT[2].TXT [ /ATDMT ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@AD.ZANOX[2].TXT [ /AD.ZANOX ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ZANOX[1].TXT [ /ZANOX ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADSRV1.ADMEDIATE[3].TXT [ /ADSRV1.ADMEDIATE ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@AD.YIELDMANAGER[5].TXT [ /AD.YIELDMANAGER ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ATWOLA[1].TXT [ /ATWOLA ]
	C:\USERS\XXXXXX\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\XXXXXX@ZANOX[2].TXT [ /ZANOX ]
         

ESET

Code:
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=56eab6204314974299c66a2aab2f92d5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-02 03:14:48
# local_time=2011-11-02 04:14:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 21503900 21503900 0 0
# compatibility_mode=5893 16776573 100 94 34735 71874992 0 0
# compatibility_mode=8192 67108863 100 0 177095 177095 0 0
# scanned=134771
# found=0
# cleaned=0
# scan_time=3087
         

02.11.2011, 16:29   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found.
Any problems still, or further detections in the meantime?
__________________
Please always post log files in CODE tags
