
Log analysis and evaluation: BOO/Whistler found - how do I remove it? Please help briefly

28.02.2012, 20:46   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

29.02.2012, 13:06   #17
loco-dubai
 

Code:
ComboFix 12-02-29.01 - OWNER 29.02.2012  12:13:28.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.3070.1870 [GMT 1:00]
Running from: c:\users\OWNER\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vShareBar.dll
c:\program files\StartSearch plugin\vshareplg.crx
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-28 to 2012-02-29  )))))))))))))))))))))))))))))))
.
.
2012-02-29 11:19 . 2012-02-29 11:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-29 00:37 . 2012-02-29 00:37	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF16A7BF-1466-465E-952F-752A3BAEE7A1}\offreg.dll
2012-02-28 15:47 . 2012-02-28 15:47	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-28 12:09 . 2012-02-28 12:09	--------	d-----w-	C:\_OTL
2012-02-28 08:11 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF16A7BF-1466-465E-952F-752A3BAEE7A1}\mpengine.dll
2012-02-27 12:14 . 2012-02-27 12:14	--------	d-----w-	c:\program files\ESET
2012-02-27 09:08 . 2012-02-27 09:08	--------	d-----w-	c:\users\OWNER\AppData\Roaming\Malwarebytes
2012-02-27 09:08 . 2012-02-27 09:08	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-27 09:08 . 2012-02-27 09:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-27 09:08 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-27 07:03 . 2012-02-27 07:03	19416	----a-w-	c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-27 07:03 . 2012-02-27 07:03	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-27 07:03 . 2012-02-27 07:03	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-27 07:03 . 2012-02-27 07:03	125912	----a-w-	c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-27 07:03 . 2012-02-27 07:03	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-20 16:58 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2012-02-20 08:43 . 2012-02-28 12:09	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-02-20 08:43 . 2012-02-20 09:05	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-02-20 08:42 . 2012-02-20 08:42	--------	d-----w-	c:\users\OWNER\AppData\Roaming\Avira
2012-02-20 08:40 . 2012-02-20 08:47	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-20 08:40 . 2011-10-11 14:06	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-02-20 08:40 . 2012-02-20 08:40	--------	d-----w-	c:\programdata\Avira
2012-02-20 08:40 . 2012-02-20 08:40	--------	d-----w-	c:\program files\Avira
2012-02-20 08:07 . 2012-02-20 08:07	--------	d-----w-	c:\program files\Windows Portable Devices
2012-02-19 23:00 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2012-02-19 23:00 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2012-02-19 23:00 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2012-02-19 20:08 . 2011-10-27 08:01	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-02-19 20:08 . 2011-10-27 08:01	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-02-19 20:08 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-02-19 20:08 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-02-19 20:05 . 2011-10-14 16:02	429056	----a-w-	c:\windows\system32\EncDec.dll
2012-02-19 20:03 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-02-19 20:03 . 2011-12-14 16:17	680448	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-19 19:58 . 2011-09-20 21:02	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-02-19 19:58 . 2012-01-12 19:52	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-02-19 19:54 . 2011-10-25 15:56	49152	----a-w-	c:\windows\system32\csrsrv.dll
2012-02-19 19:54 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-02-19 19:54 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-02-19 19:49 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-02-19 19:49 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-02-19 19:49 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-02-19 19:49 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-02-19 19:49 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-02-19 19:49 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-02-19 19:49 . 2011-11-08 14:42	2048	----a-w-	c:\windows\system32\tzres.dll
2012-02-19 19:49 . 2011-12-20 10:56	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-02-19 19:48 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2012-02-19 19:48 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2012-02-19 19:48 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2012-02-19 19:48 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2012-02-19 19:48 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-02-19 19:41 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2012-02-19 14:00 . 2012-02-19 14:01	--------	d-----w-	c:\windows\system32\ca-ES
2012-02-19 14:00 . 2012-02-19 14:01	--------	d-----w-	c:\windows\system32\eu-ES
2012-02-19 14:00 . 2012-02-19 14:01	--------	d-----w-	c:\windows\system32\vi-VN
2012-02-19 12:22 . 2012-02-19 12:22	--------	d-----w-	c:\windows\system32\EventProviders
2012-02-19 12:15 . 2012-02-19 12:14	476904	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-19 12:15 . 2012-02-19 12:14	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-19 12:14 . 2012-02-19 12:14	--------	d-----w-	c:\program files\Java
2012-02-13 19:23 . 2012-02-18 15:34	--------	d-----w-	c:\users\OWNER\AppData\Roaming\Izva
2012-02-13 19:23 . 2012-02-16 07:39	--------	d-----w-	c:\users\OWNER\AppData\Roaming\Upsyc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2009-10-03 09:52	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-09 09:36 . 2011-12-09 09:36	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-27 07:03 . 2012-02-27 07:03	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2005-09-23 163840]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-15 68592]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-08-04 36864]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49122395
*Deregistered* - 49122395
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:39]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 16:39]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job
- c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 06:10]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job
- c:\users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 06:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 213.132.63.25 80.227.2.4
TCP: Interfaces\{C095790D-7D25-4D96-A430-09ACA1D03712}: NameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\OWNER\AppData\Roaming\Mozilla\Firefox\Profiles\wwnnjdtx.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml
AddRemove-vShare plugin - c:\program files\StartSearch plugin\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-29 12:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-29  12:23:28
ComboFix-quarantined-files.txt  2012-02-29 11:23
.
Pre-Run: 402.099.834.880 bytes free
Post-Run: 402.031.480.832 bytes free
.
- - End Of File - - B15C98F13CD1FF3B144E654F3C213739
         


29.02.2012, 15:18   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to work on the second attempt, just skip it and run only OSAM - please skip the online lookup by OSAM.
With OSAM please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


01.03.2012, 11:01   #19
loco-dubai
 

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-01 10:55:06
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 Hitachi_ rev.GM4O
Running: qn01pe4n.exe; Driver: C:\Users\OWNER\AppData\Local\Temp\kxndruod.sys


---- System - GMER 1.0.15 ----

SSDT     8B028C3E                                                                                                                                                                                         ZwCreateSection
SSDT     8B028C16                                                                                                                                                                                         ZwCreateSymbolicLinkObject
SSDT     8B028C1B                                                                                                                                                                                         ZwLoadDriver
SSDT     8B028C11                                                                                                                                                                                         ZwOpenSection
SSDT     8B028C48                                                                                                                                                                                         ZwRequestWaitReplyPort
SSDT     8B028C43                                                                                                                                                                                         ZwSetContextThread
SSDT     8B028C4D                                                                                                                                                                                         ZwSetSecurityObject
SSDT     8B028C20                                                                                                                                                                                         ZwSetSystemInformation
SSDT     8B028C52                                                                                                                                                                                         ZwSystemDebugControl
SSDT     8B028BDF                                                                                                                                                                                         ZwTerminateProcess
SSDT     8B028BDA                                                                                                                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!KeSetEvent + 215                                                                                                                                                                    820FB998 4 Bytes  [3E, 8C, 02, 8B]
.text    ntkrnlpa.exe!KeSetEvent + 21D                                                                                                                                                                    820FB9A0 4 Bytes  [16, 8C, 02, 8B]
.text    ntkrnlpa.exe!KeSetEvent + 37D                                                                                                                                                                    820FBB00 4 Bytes  [1B, 8C, 02, 8B]
.text    ntkrnlpa.exe!KeSetEvent + 3FD                                                                                                                                                                    820FBB80 4 Bytes  [11, 8C, 02, 8B]
.text    ntkrnlpa.exe!KeSetEvent + 539                                                                                                                                                                    820FBCBC 4 Bytes  [48, 8C, 02, 8B]
.text    ...                                                                                                                                                                                              

---- User code sections - GMER 1.0.15 ----

.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!LdrLoadDll                                                                                                                                   77279378 5 Bytes  JMP 00832D30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!LdrShutdownThread                                                                                                                            77291D42 5 Bytes  JMP 008524F0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!LdrGetDllHandle                                                                                                                              77295717 5 Bytes  JMP 00850C20 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtAllocateVirtualMemory                                                                                                                      772B3FA4 5 Bytes  JMP 008268F0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtAreMappedFilesTheSame                                                                                                                      772B4114 5 Bytes  JMP 00827E60 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCancelIoFile                                                                                                                               772B4154 5 Bytes  JMP 00832C80 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtClose                                                                                                                                      772B4184 5 Bytes  JMP 0082F940 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCompactKeys                                                                                                                                772B41A4 5 Bytes  JMP 0082DE20 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCompressKey                                                                                                                                772B41D4 5 Bytes  JMP 0082DD70 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateEvent                                                                                                                                772B4224 5 Bytes  JMP 0082ED10 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateFile                                                                                                                                 772B4244 5 Bytes  JMP 00832B20 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateKey                                                                                                                                  772B4284 5 Bytes  JMP 0082DC60 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateMailslotFile                                                                                                                         772B42A4 5 Bytes  JMP 00832A10 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateMutant                                                                                                                               772B42B4 5 Bytes  JMP 0082F160 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateNamedPipeFile                                                                                                                        772B42C4 5 Bytes  JMP 008328E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreatePagingFile                                                                                                                           772B42E4 5 Bytes  JMP 00832820 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateProcess                                                                                                                              772B4304 5 Bytes  JMP 00850A50 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateProcessEx                                                                                                                            772B4314 5 Bytes  JMP 00850970 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateSection                                                                                                                              772B4334 5 Bytes  JMP 00828480 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateSemaphore                                                                                                                            772B4344 5 Bytes  JMP 0082EE80 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateThread                                                                                                                               772B4364 5 Bytes  JMP 008507C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeleteFile                                                                                                                                 772B4624 5 Bytes  JMP 00832750 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeleteKey                                                                                                                                  772B4634 5 Bytes  JMP 0082DB90 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeleteValueKey                                                                                                                             772B4664 5 Bytes  JMP 0082DAD0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDeviceIoControlFile                                                                                                                        772B4674 5 Bytes  JMP 00832670 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtDuplicateObject                                                                                                                            772B4694 5 Bytes  JMP 0082F870 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtEnumerateKey                                                                                                                               772B46D4 5 Bytes  JMP 0082DA00 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtEnumerateValueKey                                                                                                                          772B4704 5 Bytes  JMP 0082D930 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtExtendSection                                                                                                                              772B4714 5 Bytes  JMP 008283B0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtFlushBuffersFile                                                                                                                           772B4744 5 Bytes  JMP 008325C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtFlushKey                                                                                                                                   772B4764 5 Bytes  JMP 0082D880 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtFsControlFile                                                                                                                              772B47E4 5 Bytes  JMP 008324E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLoadKey                                                                                                                                    772B48E4 5 Bytes  JMP 0082D7D0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLoadKey2                                                                                                                                   772B48F4 5 Bytes  JMP 0082D710 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLoadKeyEx                                                                                                                                  772B4904 5 Bytes  JMP 0082D650 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLockFile                                                                                                                                   772B4914 5 Bytes  JMP 008323D0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtLockRegistryKey                                                                                                                            772B4934 5 Bytes  JMP 0082D5A0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtMakeTemporaryObject                                                                                                                        772B4964 5 Bytes  JMP 0082F7C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtMapViewOfSection                                                                                                                           772B4994 5 Bytes  JMP 008282A0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtNotifyChangeDirectoryFile                                                                                                                  772B49C4 5 Bytes  JMP 008322F0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtNotifyChangeKey                                                                                                                            772B49D4 5 Bytes  JMP 0082D4C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtNotifyChangeMultipleKeys                                                                                                                   772B49E4 5 Bytes  JMP 0082D3E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenEvent                                                                                                                                  772B4A04 5 Bytes  JMP 0082EF80 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenFile                                                                                                                                   772B4A24 5 Bytes  JMP 00832000 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenKey                                                                                                                                    772B4A54 5 Bytes  JMP 0082D300 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenMutant                                                                                                                                 772B4A74 5 Bytes  JMP 0082F070 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenProcess                                                                                                                                772B4AA4 5 Bytes  JMP 00850B30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenSection                                                                                                                                772B4AD4 5 Bytes  JMP 008281B0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtOpenSemaphore                                                                                                                              772B4AE4 5 Bytes  JMP 0082ED90 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryAttributesFile                                                                                                                        772B4BC4 5 Bytes  JMP 00831F30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryDirectoryFile                                                                                                                         772B4C24 5 Bytes  JMP 00831E40 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryEaFile                                                                                                                                772B4C54 5 Bytes  JMP 00831D60 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryFullAttributesFile                                                                                                                    772B4C74 5 Bytes  JMP 00831C90 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryInformationFile                                                                                                                       772B4C94 5 Bytes  JMP 00831BC0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryKey                                                                                                                                   772B4D24 5 Bytes  JMP 0082D150 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryMultipleValueKey                                                                                                                      772B4D34 5 Bytes  JMP 0082D070 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryObject                                                                                                                                772B4D54 5 Bytes  JMP 0082F6E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryOpenSubKeys                                                                                                                           772B4D64 5 Bytes  JMP 0082CFC0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryOpenSubKeysEx                                                                                                                         772B4D74 5 Bytes  JMP 0082CF00 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryQuotaInformationFile                                                                                                                  772B4D94 5 Bytes  JMP 008312E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQuerySection                                                                                                                               772B4DA4 5 Bytes  JMP 008280D0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQuerySecurityObject                                                                                                                        772B4DB4 5 Bytes  JMP 0082F310 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryValueKey                                                                                                                              772B4E44 5 Bytes  JMP 0082CE30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryVirtualMemory                                                                                                                         772B4E54 5 Bytes  JMP 00827F20 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryVolumeInformationFile                                                                                                                 772B4E64 5 Bytes  JMP 00831AF0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtReadFile                                                                                                                                   772B4EA4 5 Bytes  JMP 00831A00 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtReadFileScatter                                                                                                                            772B4EB4 5 Bytes  JMP 00831910 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtRenameKey                                                                                                                                  772B4F34 5 Bytes  JMP 0082CD70 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtReplaceKey                                                                                                                                 772B4F44 5 Bytes  JMP 0082CCB0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtRestoreKey                                                                                                                                 772B5004 5 Bytes  JMP 0082CBF0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSaveKey                                                                                                                                    772B5034 5 Bytes  JMP 0082CB40 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSaveKeyEx                                                                                                                                  772B5044 5 Bytes  JMP 0082CA80 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSaveMergedKeys                                                                                                                             772B5054 5 Bytes  JMP 0082C9C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetEaFile                                                                                                                                  772B50F4 5 Bytes  JMP 00831850 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationFile                                                                                                                         772B5154 5 Bytes  JMP 00831780 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationKey                                                                                                                          772B5174 5 Bytes  JMP 0082C900 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationObject                                                                                                                       772B5184 5 Bytes  JMP 0082F620 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetInformationProcess                                                                                                                      772B5194 5 Bytes  JMP 00850700 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetQuotaInformationFile                                                                                                                    772B5214 5 Bytes  JMP 00831220 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetSecurityObject                                                                                                                          772B5224 5 Bytes  JMP 0082F250 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetValueKey                                                                                                                                772B52C4 5 Bytes  JMP 0082C820 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSetVolumeInformationFile                                                                                                                   772B52D4 5 Bytes  JMP 008316B0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtSignalAndWaitForSingleObject                                                                                                               772B52F4 5 Bytes  JMP 0082F530 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtTerminateProcess                                                                                                                           772B5364 5 Bytes  JMP 00852430 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtTranslateFilePath                                                                                                                          772B53D4 5 Bytes  JMP 00831160 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnloadKey                                                                                                                                  772B53F4 5 Bytes  JMP 0082C770 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnloadKey2                                                                                                                                 772B5404 5 Bytes  JMP 0082C6B0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnloadKeyEx                                                                                                                                772B5414 5 Bytes  JMP 0082C5F0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnlockFile                                                                                                                                 772B5424 5 Bytes  JMP 008315C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtUnmapViewOfSection                                                                                                                         772B5444 5 Bytes  JMP 00827FF0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWaitForMultipleObjects                                                                                                                     772B5474 5 Bytes  JMP 0082F3E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWaitForSingleObject                                                                                                                        772B5484 5 Bytes  JMP 0082EAE0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWriteFile                                                                                                                                  772B54B4 5 Bytes  JMP 008314C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtWriteFileGather                                                                                                                            772B54C4 5 Bytes  JMP 008313C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtCreateUserProcess                                                                                                                          772B5674 5 Bytes  JMP 00850890 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!KiUserCallbackDispatcher                                                                                                                     772B5BE0 5 Bytes  JMP 00827260 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!SetConsoleTitleW                                                                                                                          75E0CC8A 5 Bytes  JMP 00851D50 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!QueryActCtxW                                                                                                                              75E0E185 5 Bytes  JMP 00845B30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!CreateActCtxW                                                                                                                             75E1C7B9 5 Bytes  JMP 008458C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!CreateProcessInternalW                                                                                                                    75E25477 5 Bytes  JMP 00852260 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetCommandLineW                                                                                                                           75E29D20 5 Bytes  JMP 00850680 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetConsoleTitleW                                                                                                                          75E2E0E9 5 Bytes  JMP 00851B70 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetCommandLineA                                                                                                                           75E43E8B 5 Bytes  JMP 008505E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!ExitProcess                                                                                                                               75E443F4 5 Bytes  JMP 00852400 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!CreateRemoteThread                                                                                                                        75E4CB55 5 Bytes  JMP 00852720 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!SetConsoleTitleA                                                                                                                          75EA6CDD 5 Bytes  JMP 00851E10 
.text    c:\blp\API\office tools\bxlartd.exe[6132] kernel32.dll!GetConsoleTitleA                                                                                                                          75EA6E93 5 Bytes  JMP 00851C50 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceCtrlDispatcherA                                                                                                               759E2036 5 Bytes  JMP 0084B560 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerA                                                                                                               759E308C 5 Bytes  JMP 0084BB10 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerExA                                                                                                             759E6678 5 Bytes  JMP 0084B970 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceA                                                                                                                             759EA24D 5 Bytes  JMP 0084B380 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceCtrlDispatcherW                                                                                                               759EE495 5 Bytes  JMP 0084B450 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerW                                                                                                               759EE988 5 Bytes  JMP 0084BA40 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!SetServiceStatus                                                                                                                          759EF20C 5 Bytes  JMP 0084B670 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!RegisterServiceCtrlHandlerExW                                                                                                             759EFB59 5 Bytes  JMP 0084B8A0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenSCManagerA                                                                                                                            75A02D93 5 Bytes  JMP 0084C3F0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenServiceA                                                                                                                              75A02EBD 5 Bytes  JMP 0084C270 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!StartServiceW                                                                                                                             75A03E0B 5 Bytes  JMP 0084B2B0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceStatusEx                                                                                                                      75A04FFE 5 Bytes  JMP 0084BBE0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfigW                                                                                                                       75A050A4 5 Bytes  JMP 0084BFF0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfigA                                                                                                                       75A051AD 5 Bytes  JMP 0084C0C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenSCManagerW                                                                                                                            75A07137 5 Bytes  JMP 0084C360 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!CloseServiceHandle                                                                                                                        75A082A5 5 Bytes  JMP 0084D100 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!OpenServiceW                                                                                                                              75A08354 5 Bytes  JMP 0084C190 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceStatus                                                                                                                        75A0842C 5 Bytes  JMP 0084BCC0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!CreateServiceW                                                                                                                            75A29EB4 5 Bytes  JMP 0084CCD0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!ControlService                                                                                                                            75A29FB8 5 Bytes  JMP 0084D030 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!DeleteService                                                                                                                             75A2A07E 5 Bytes  JMP 0084CC40 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceDisplayNameW                                                                                                                    75A2B0B3 5 Bytes  JMP 0084C480 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceKeyNameW                                                                                                                        75A2B164 5 Bytes  JMP 0084C620 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusExA                                                                                                                     75A2B31B 5 Bytes  JMP 0084C870 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusExW                                                                                                                     75A66909 5 Bytes  JMP 0084C7C0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!SetServiceBits                                                                                                                            75A66B11 5 Bytes  JMP 0084B7D0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusA                                                                                                                       75A66B47 5 Bytes  JMP 0084C9D0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceObjectSecurity                                                                                                                75A66C21 5 Bytes  JMP 0084BD90 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!SetServiceObjectSecurity                                                                                                                  75A66CD9 5 Bytes  JMP 0084B740 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!ChangeServiceConfigA                                                                                                                      75A66DD9 5 Bytes  JMP 0084CF40 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!ChangeServiceConfigW                                                                                                                      75A66F81 5 Bytes  JMP 0084CE50 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!CreateServiceA                                                                                                                            75A672A1 5 Bytes  JMP 0084CD90 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumDependentServicesA                                                                                                                    75A67505 5 Bytes  JMP 0084CB60 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumDependentServicesW                                                                                                                    75A675D9 5 Bytes  JMP 0084CA80 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceDisplayNameA                                                                                                                    75A676B1 5 Bytes  JMP 0084C550 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!GetServiceKeyNameA                                                                                                                        75A67759 5 Bytes  JMP 0084C6F0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfig2A                                                                                                                      75A67891 5 Bytes  JMP 0084BF10 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!QueryServiceConfig2W                                                                                                                      75A67A19 5 Bytes  JMP 0084BE30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] advapi32.dll!EnumServicesStatusW                                                                                                                       75A67F61 5 Bytes  JMP 0084C920 
.text    c:\blp\API\office tools\bxlartd.exe[6132] GDI32.dll!GdiAddFontResourceW                                                                                                                          773DD4BF 5 Bytes  JMP 00850F70 
.text    c:\blp\API\office tools\bxlartd.exe[6132] GDI32.dll!RemoveFontResourceExW                                                                                                                        773FCCDC 5 Bytes  JMP 00850D30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowsHookExA                                                                                                                           76186322 5 Bytes  JMP 00853980 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowsHookExW                                                                                                                           761887AD 5 Bytes  JMP 00853850 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowA                                                                                                                                 76189D76 5 Bytes  JMP 00854050 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!GetWindowTextA                                                                                                                              7618F63C 5 Bytes  JMP 00853BC0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowExA                                                                                                                               7618F6C1 5 Bytes  JMP 00853F30 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!GetWindowTextW                                                                                                                              76192069 5 Bytes  JMP 00853AB0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowTextW                                                                                                                              76199815 5 Bytes  JMP 00853CE0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowW                                                                                                                                 7619A441 5 Bytes  JMP 00853FC0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!SetWindowTextA                                                                                                                              761AA4E6 5 Bytes  JMP 00853DB0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] USER32.dll!FindWindowExW                                                                                                                               761B260C 5 Bytes  JMP 00853EA0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoResumeClassObjects + 7                                                                                                                     76342C12 5 Bytes  JMP 00840DC0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoRegisterClassObject                                                                                                                        76347DBE 5 Bytes  JMP 00840EC0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoGetClassObject                                                                                                                             7636FAE8 5 Bytes  JMP 00841020 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoRevokeClassObject                                                                                                                          7637B109 5 Bytes  JMP 00840E20 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoCreateInstance                                                                                                                             76389F3E 5 Bytes  JMP 008411A0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoCreateInstanceEx                                                                                                                           76389F81 5 Bytes  JMP 008410E0 
.text    c:\blp\API\office tools\bxlartd.exe[6132] ole32.dll!CoGetInstanceFromFile                                                                                                                        763DC595 5 Bytes  JMP 008414D0 

---- User IAT/EAT - GMER 1.0.15 ----

IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                                                            [73D97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                                                             [73DEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                                                         [73D9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                                                                   [73D8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                                                             [73D975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                                                          [73D8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                                                              [73DC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                                                                 [73D9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                                                         [73D8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                                                          [73D8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                                                           [73D871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                                                                   [73E1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                                                                      [73DBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                                                         [73D8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                                                                   [73D86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                                                                  [73D8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT      C:\Windows\Explorer.EXE[3464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                                                     [73D92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\415f12bc5874cee471c12d31d41812bf\mscorlib.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]                          0x638D0000                                                                                                                                                           
Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ece12e1b68509d8489de783ace3d21b1\System.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]                              0x63140000                                                                                                                                                           
Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eecd056989bb157d03094acde93890e2\System.Configuration.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]  0x64DD0000                                                                                                                                                           
Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b48bb64ff5b083c6afb5ecd439235077\System.Xml.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]                      0x62C00000                                                                                                                                                           
Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f728d300a977f19baf982b0e84df806\System.Drawing.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]              0x64C40000                                                                                                                                                           
Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\0d1cc1d6b56d6c15bdc56cfb1d3a345b\System.Messaging.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]          0x67250000                                                                                                                                                           
Library  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\c455910808f8d8165d4c9127c1ff8735\System.Data.SqlXml.ni.dll (*** hidden *** ) @ c:\blp\API\office tools\bxlartd.exe [6132]      0x64760000                                                                                                                                                           

---- EOF - GMER 1.0.15 ----
         

01.03.2012, 11:03   #20
loco-dubai

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:59:18 on 01.03.2012

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ATCPanel.cpl" - "AuthenTec, Inc." - C:\Windows\system32\ATCPanel.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\OWNER\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"hoplfb" (hoplfb) - ? - C:\Windows\System32\drivers\jxle.sys  (File not found)
"HPFXBULK" (HPFXBULK) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxbulk.sys
"HPFXFAX" (HPFXFAX) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxfax.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxndruod" (kxndruod) - ? - C:\Users\OWNER\AppData\Local\Temp\kxndruod.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MTXPAR" (MTXPAR) - "Matrox Graphics Inc." - C:\Windows\System32\DRIVERS\MTXPARM.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Google Quick Search Box" - "Google Inc." - "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HPUsageTracking" - ? - "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Matrox PowerDesk SE" - "Matrox Graphics Inc." - "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
"ToolBoxFX" - "HP" - "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira Mail Protection" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira Web Protection" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MtxDrvService" (MtxDrvService) - ? - C:\Windows\system32\MtxDrvService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"VNC Server Version 4" (WinVNC4) - "RealVNC Ltd." - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.
         


01.03.2012, 11:23   #21
loco-dubai

Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-01 11:03:27
-----------------------------
11:03:27.257    OS Version: Windows 6.0.6002 Service Pack 2
11:03:27.257    Number of processors: 2 586 0x6B02
11:03:27.260    ComputerName: TOBIASROLLEHOME  UserName: OWNER
11:03:29.544    Initialize success
11:04:14.501    AVAST engine defs: 12030100
11:04:18.240    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
11:04:18.244    Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 8
11:04:18.776    Disk 0 MBR read successfully
11:04:18.780    Disk 0 MBR scan
11:04:18.787    Disk 0 Windows VISTA default MBR code
11:04:18.945    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       469203 MB offset 63
11:04:19.040    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         7734 MB offset 960927975
11:04:19.438    Disk 0 scanning sectors +976768065
11:04:19.866    Disk 0 scanning C:\Windows\system32\drivers
11:06:09.480    Service scanning
11:06:37.194    Modules scanning
11:08:22.473    Disk 0 trace - called modules:
11:08:22.551    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys 
11:08:22.885    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85911ac8]
11:08:22.897    3 CLASSPNP.SYS[8a3a08b3] -> nt!IofCallDriver -> [0x85359f08]
11:08:22.907    5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\00000058[0x85373b88]
11:08:23.961    AVAST engine scan C:\Windows
11:08:44.985    AVAST engine scan C:\Windows\system32
11:13:39.335    AVAST engine scan C:\Windows\system32\drivers
11:13:56.801    AVAST engine scan C:\Users\OWNER
11:21:34.161    Disk 0 MBR has been saved successfully to "C:\Users\OWNER\Documents\MBR.dat"
11:21:34.175    The log file has been saved successfully to "C:\Users\OWNER\Documents\aswMBR.txt"
         

01.03.2012, 13:55   #22
loco-dubai

Just now an email with spam content (Viagra etc.) was sent from my email address to my email address.
I suspect something is going really wrong here.

What do you think about it? The sender is located in Pakistan.

Code:
From meineemail@yahoo.de Thu Mar  1 12:15:01 2012
X-Apparently-To: meineemail@yahoo.de via 77.238.189.171; Thu, 01 Mar 2012 12:15:01 +0000
Return-Path: <meineemail@yahoo.de>
X-YahooFilteredBulk: 182.179.110.94
Received-SPF: none (domain of yahoo.de does not designate permitted sender hosts)
X-YMailISG: TeYHagIWLDvTqCQVCEatlIyEu0SGzD2K4Ux6mBNv0NOWq18d
 e2trlcMzAOCWXTIwSmt5k529soM7ZsHEQ3JP44U7nBv1MC3EcVak7wYqwcxQ
 mPvhN72e.97DT_JLcYb.6Ay22dBAfGML_nrJGAjtWt8X44hwS.ck9bz_o1Xl
 gX2R_DS.mRK45Cv3eNupgRz.jQ64HMzOQdhUL6RrVZm3eIumnyUXhbJcrLmH
 Oi_neSopER2EIzvDECpCYzjZywSYHJN4TYrN9So3auhh4QDWiOoi3e_cFoEN
 LwUF2SeUAbY5og3U1.owecBdkq2DTVf8yo6RVLR6OFjZgIr.W4EitBU5ciPW
 l6XVFPyhlNGCW7oWs7sXac6flm6kx0A3lj_zKxcQz5teNiDUSuJiSMchOyOF
 cJl5bBjPw9pBw35c1yjkfg9RxQDxCInlu8XXrqZvszSTKV4HRzvUj0Mcm5Ub
 aidD_PZsjR0PCoGEU4.9aEN6x1xE_nKMX7f1XiUcCsD2jWdf4f.IwBjR7fq4
 p8NBkSGhEWljUwCPwFnGE_93xG_GG6vRyudLKiCO9P44cYEVMX1cvINI9rhf
 VmZNfm9E.z0fzvmOZa2FtnMLepKl1dxlTw6XhdEkJxGJY12ki5wR6dJdUBb8
 Qyia1HECt8Ucmn1r6M18eMYXIf0M9oG_ioI_p28FVuuYLL5AMsghm0NXvm66
 55EiRzyManbuTc3pwodLN1r5L5Kixs3404l58KTjMKPXzV73piURUs8fmw7X
 j3S_BSgiOrsvHEpAwKup8YI8fS9WndNjjY3t_f5WXYrwlBB0illJfa3ZZid7
 Sj42hLkHq2LMzyARDps3648oUG6DEUkwaXo537E8XKYLWl4jeWffwYJzYDn2
 0gCBiaY7bfxQGEzDMA_pGs039AiRuqQDESeRndRKyG.dUUiwEQ--
X-Originating-IP: [182.179.110.94]
Authentication-Results: mta1011.mail.ird.yahoo.com  from=yahoo.de; domainkeys=neutral (no sig);  from=yahoo.de; dkim=neutral (no sig)
Received: from 127.0.0.1  (HELO nj) (182.179.110.94)
  by mta1011.mail.ird.yahoo.com with SMTP; Thu, 01 Mar 2012 12:15:01 +0000
To: <meineemail@yahoo.de>
Subject: meineemail@yahoo.de Pf|zer Discount ID162501
From: <meineemail@yahoo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Content-Length: 223
         

Edited by loco-dubai (01.03.2012 at 14:37)

01.03.2012, 18:10   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Spammers can forge sender addresses without any trouble. Just because your address is supposedly the sender doesn't mean by a long shot that it actually came from your account, let alone from your computer.

Quote:
c:\blp\API\office tools\bxlartd.exe[6132] ntdll.dll!NtQueryObject
Do you have a Bloomberg server? What exactly does that thing do?


Quote:
"hoplfb" (hoplfb) - ? - C:\Windows\System32\drivers\jxle.sys (File not found)
Please disable and delete it with OSAM.
__________________
Please always post log files in CODE tags
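
The point made in the reply above can be checked against the posted headers. This Python sketch is an added example, not part of the original posts: the function, field names and the second header set are constructed for illustration, and the Received pattern assumes the Yahoo trace format seen in the thread.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the headers posted in this thread (X-YMailISG blob left out).
SPAM_HEADERS = """\
Return-Path: <meineemail@yahoo.de>
Received-SPF: none (domain of yahoo.de does not designate permitted sender hosts)
X-Originating-IP: [182.179.110.94]
Authentication-Results: mta1011.mail.ird.yahoo.com  from=yahoo.de; domainkeys=neutral (no sig);  from=yahoo.de; dkim=neutral (no sig)
Received: from 127.0.0.1  (HELO nj) (182.179.110.94)
  by mta1011.mail.ird.yahoo.com with SMTP; Thu, 01 Mar 2012 12:15:01 +0000
To: <meineemail@yahoo.de>
From: <meineemail@yahoo.de>

"""

# Constructed contrast case: a message submitted with SMTP AUTH over TLS.
AUTHENTICATED_HEADERS = """\
Received-SPF: pass (constructed sample)
Authentication-Results: mx.example.net; dkim=pass header.d=example.org
Received: from client.example.org (EHLO client.example.org) (198.51.100.7)
  by mx.example.net with ESMTPSA; Thu, 01 Mar 2012 12:00:00 +0000
To: <bob@example.net>
From: <alice@example.org>

"""

# Trace line: from <claimed> (HELO <name>) (<peer ip>) by <mta> with <proto>
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)\s+(?:\((?:HELO|EHLO)\s+(?P<helo>[^)]+)\)\s+)?"
    r"\((?P<peer>[0-9a-fA-F.:]+)\)\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\w+)"
)
# "with" keywords that record an authenticated submission (RFC 3848).
AUTHENTICATED_PROTOCOLS = {"ESMTPA", "ESMTPSA"}


def _ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def analyze(raw_headers):
    """Summarise what the headers say about who really handed the mail over."""
    msg = message_from_string(raw_headers)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()

    spf = (msg.get("Received-SPF", "").split() or ["missing"])[0].lower()
    dkim_match = re.search(r"\bdkim=(\w+)", msg.get("Authentication-Results", ""))
    dkim = dkim_match.group(1).lower() if dkim_match else "missing"

    # Received headers are prepended, so the last one is the earliest hop.
    matches = map(RECEIVED_RE.search, msg.get_all("Received", []))
    hops = [m.groupdict() for m in matches if m]
    origin = hops[-1] if hops else None
    peer = _ip(origin["peer"]) if origin else None
    claimed = _ip(origin["claimed"]) if origin else None

    findings = {
        "self_addressed": bool(sender) and sender == recipient,
        "spf": spf,
        "dkim": dkim,
        "sender_unauthenticated": spf != "pass" and dkim != "pass",
        "authenticated_submission": any(
            h["proto"].upper() in AUTHENTICATED_PROTOCOLS for h in hops
        ),
        "origin_ip": str(peer) if peer else None,
        "handed_over_by": origin["by"] if origin else None,
        # The client introduced itself with an IP literal that is not its address.
        "helo_ip_mismatch": claimed is not None and peer is not None and claimed != peer,
    }
    # An outside host delivered the mail and nothing vouches for the From address.
    findings["consistent_with_forged_sender"] = (
        findings["sender_unauthenticated"]
        and not findings["authenticated_submission"]
        and peer is not None
    )
    return findings


if __name__ == "__main__":
    for label, raw in (("spam", SPAM_HEADERS), ("authenticated", AUTHENTICATED_HEADERS)):
        print(label)
        for key, value in analyze(raw).items():
            print(f"  {key}: {value}")
```

A positive result only says that the headers show delivery from an outside host with no sender authentication; it does not by itself rule out a compromised account.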

02.03.2012, 08:36   #24
loco-dubai


Bloomberg was old. I have now uninstalled it as well.
After the OSAM restart the report was empty
"(Failed) Cannot find object "

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:33:06 on 02.03.2012

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000Core.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3062086142-2646581309-1385036962-1000UA.job" - "Google Inc." - C:\Users\OWNER\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ATCPanel.cpl" - "AuthenTec, Inc." - C:\Windows\system32\ATCPanel.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\OWNER\AppData\Local\Temp\catchme.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"HPFXBULK" (HPFXBULK) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxbulk.sys
"HPFXFAX" (HPFXFAX) - "Hewlett Packard" - C:\Windows\System32\drivers\hpfxfax.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"MTXPAR" (MTXPAR) - "Matrox Graphics Inc." - C:\Windows\System32\DRIVERS\MTXPARM.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\OWNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Google Quick Search Box" - "Google Inc." - "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HPUsageTracking" - ? - "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Matrox PowerDesk SE" - "Matrox Graphics Inc." - "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
"ToolBoxFX" - "HP" - "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
"VirtualCloneDrive" - "Elaborate Bytes AG" - "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Avira Mail Protection" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira Web Protection" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update Service (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MtxDrvService" (MtxDrvService) - ? - C:\Windows\system32\MtxDrvService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"VNC Server Version 4" (WinVNC4) - "RealVNC Ltd." - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

02.03.2012, 13:43   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

06.03.2012, 07:51   #26
loco-dubai
 
Code:
 Malwarebytes Anti-Malware  (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
OWNER :: TOBIASROLLEHOME [administrator]

Protection: Disabled

05.03.2012 21:52:38
mbam-log-2012-03-05 (21-52-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 381878
Time elapsed: 1 hour(s), 35 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

06.03.2012, 11:23   #27
loco-dubai
 
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/06/2012 at 10:11 AM

Application Version : 5.0.1144

Core Rules Database Version : 8306
Trace Rules Database Version: 6118

Scan type       : Complete Scan
Total Scan Time : 02:16:28

Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned      : 759
Memory threats detected   : 0
Registry items scanned    : 33869
Registry threats detected : 0
File items scanned        : 211972
File threats detected     : 289

Adware.Tracking Cookie
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WWNNJDTX.DEFAULT\COOKIES.SQLITE ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@REALMEDIA[2].TXT [ /REALMEDIA ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@C7.ZEDO[1].TXT [ /C7.ZEDO ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@FASTCLICK[2].TXT [ /FASTCLICK ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@REVSCI[1].TXT [ /REVSCI ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ZEDO[1].TXT [ /ZEDO ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@BURSTNET[2].TXT [ /BURSTNET ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ADVERTISING[2].TXT [ /ADVERTISING ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@ATDMT[1].TXT [ /ATDMT ]
	C:\WINDOWS.OLD\USERS\OWNER\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OWNER@MICROSOFTWINDOWS.112.2O7[1].TXT [ /MICROSOFTWINDOWS.112.2O7 ]

Trojan.Agent/Gen-FakeAV
	C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Trojan.Dropper/Win-NV
	C:\WINDOWS.OLD\PROGRAM FILES\PC-DOCTOR 5 FOR WINDOWS\HTTP.DLL
         

06.03.2012, 13:44   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found, and there were two false positives among the hits.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).

Is your system back in order now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags

06.03.2012, 17:29   #29
loco-dubai

Looks very, very good!
Thanks, Arne - without you I would have been really stuck.

TOP SERVICE!!!!

06.03.2012, 20:05   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we're done!

All the programs that were used here can be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages doing that.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, you should also change all your passwords, if possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags
