| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Neue Funde von Avira Antivir! Was nun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.03.2012, 23:00
| #16 | |
 |  Neue Funde von Avira Antivir! Was nun? Hallo Arne! Mein letzter OTL-Fix (anderer Thread) war erst erfolgreich, nachdem wir folgende Kommandos weggelassen hatten. Zitat:
Kannst Du mir trotzdem kurz mitteilen, ob nach ca. 9 Stunden Laufzeit ein Weiterwarten Sinn machen würde? Werde Deine Antwort auf einem anderen Computer lesen. Dank Dir im Voraus für Deine Rückmeldung. Grüße Petain |
|
08.03.2012, 23:02
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Neue Funde von Avira Antivir! Was nun? Mach den Fix im abgsicherten Modus mal
__________________
__________________ |
|
08.03.2012, 23:13
| #18 |
| | Neue Funde von Avira Antivir! Was nun? Vielen Dank für die schnelle Rückmeldung.
__________________Habe den Rechner jetzt direkt im abgesicherten Modus gestartet und versuche es auf diesem Weg. Hier der Link zum Post von damals: http://www.trojaner-board.de/109661-...tml#post777825 Aber vielleicht habe ich ja dieses Mal Glück und alles läuft durch. |
|
09.03.2012, 00:34
| #19 |
| | Neue Funde von Avira Antivir! Was nun? Hallo Arne! Dieses Mal hat es im abgesicherten Modus beim zweiten Versuch proplemlos geklappt. *freu* Beim ersten Versuch hatten sich beim Kopieren leider unbeabsichtigt Zeilenumbrüche eingeschlichen (war mein Fehler, da ich die Anweisungen bzw. den Code erst in den Editor zum Bearbeiten (wegen Zurückänderung der ****-Usernamen) eingefügt hatte - SORRY - wieder was gelernt). Da hatte sich OTL dann aufgehangen und ich musste abbrechen und nochmals beginnen. Ich hoffe, dass hatte keine zu großen negativen Einflüsse auf die Brauchbarkeit des Protokolls. Gib mir bitte Bescheid, wenn wir den CustomerScan deswegen wiederholen müssen. Hier nun das komplette Logfile vom Fix: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value
set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776
-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\
not found.
HKU\S-1-5-21-2889648171-373102870-1120645299-1001\SOFTWARE\Microsoft\Internet
Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2889648171-373102870-1120645299-1001\SOFTWARE\Microsoft\Internet
Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2889648171-373102870-1120645299-1001\SOFTWARE\Microsoft\Internet
Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-2889648171-373102870-1120645299-1001\SOFTWARE\Microsoft\Internet
Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-2889648171-373102870-1120645299-1001\Software\Microsoft\Internet
Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2889648171-373102870-1120645299-1001\Software\Microsoft\Internet
Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\
not found.
C:\Users\A****\AppData\Roaming\mozilla\Firefox\Profiles\gl6jq6a3.default\extensions\{20a82645-
c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\A****\AppData\Roaming\mozilla\Firefox\Profiles\gl6jq6a3.default\extensions\{20a82645-
c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\A****\AppData\Roaming\mozilla\Firefox\Profiles\gl6jq6a3.default\extensions\{20a82645-
c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Ad****\AppData\Roaming\mozilla\Firefox\Profiles\gl6jq6a3.default\extensions\{20a82645-
c095-46ed-80e3-08825760534b} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CCUTRAYICON
deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent
deleted successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\
deleted successfully.
Registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted
successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not
found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not
found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not
found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not
found.
Registry key HKEY_USERS\S-1-5-21-2889648171-373102870-1120645299-1001
\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2889648171-373102870-1120645299-1001
\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted
successfully.
Registry value HKEY_USERS\S-1-5-21-2889648171-373102870-1120645299-1001
\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2889648171-373102870-1120645299-1005
\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set
successfully!
L:\Automatische_Wiedergabe.doc moved successfully.
C:\32788R22FWJFW folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: A****
->Temp folder emptied: 53136644 bytes
->Temporary Internet Files folder emptied: 83913838 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48170989 bytes
->Opera cache emptied: 775500 bytes
->Flash cache emptied: 57621 bytes
User: All Users
User: B******
->Temp folder emptied: 976997 bytes
->Temporary Internet Files folder emptied: 1099811421 bytes
->Java cache emptied: 35933997 bytes
->FireFox cache emptied: 26498324 bytes
->Opera cache emptied: 100614 bytes
->Flash cache emptied: 59733 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: G***
->Temp folder emptied: 3833163 bytes
->Temporary Internet Files folder emptied: 58622010 bytes
->Java cache emptied: 4530091 bytes
->FireFox cache emptied: 98345510 bytes
->Opera cache emptied: 29437 bytes
->Flash cache emptied: 59021 bytes
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: M******
->Temp folder emptied: 1771832 bytes
->Temporary Internet Files folder emptied: 99153652 bytes
->Java cache emptied: 21922761 bytes
->FireFox cache emptied: 245277777 bytes
->Google Chrome cache emptied: 6332102 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 72267 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7538816 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.809,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.36.1 log created on 03082012_232854
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Viele Grüße Petain |
|
09.03.2012, 09:09
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Neue Funde von Avira Antivir! Was nun? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.03.2012, 18:26
| #21 |
| | Neue Funde von Avira Antivir! Was nun? Hallo Arne! Hier das Log zu TDSS-Killer: Code:
ATTFilter 18:18:27.0871 4072 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:18:28.0606 4072 ============================================================
18:18:28.0606 4072 Current date / time: 2012/03/09 18:18:28.0606
18:18:28.0606 4072 SystemInfo:
18:18:28.0606 4072
18:18:28.0606 4072 OS Version: 6.0.6002 ServicePack: 2.0
18:18:28.0606 4072 Product type: Workstation
18:18:28.0606 4072 ComputerName: G*****
18:18:28.0606 4072 UserName: A****
18:18:28.0606 4072 Windows directory: C:\Windows
18:18:28.0606 4072 System windows directory: C:\Windows
18:18:28.0606 4072 Processor architecture: Intel x86
18:18:28.0606 4072 Number of processors: 2
18:18:28.0606 4072 Page size: 0x1000
18:18:28.0606 4072 Boot type: Normal boot
18:18:28.0606 4072 ============================================================
18:18:29.0309 4072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:18:29.0309 4072 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:18:29.0324 4072 \Device\Harddisk0\DR0:
18:18:29.0340 4072 MBR used
18:18:29.0340 4072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x12C00000
18:18:29.0356 4072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14371000, BlocksNum 0x764C800
18:18:29.0356 4072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9BE000, BlocksNum 0x2425000
18:18:29.0356 4072 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DDE3000, BlocksNum 0x764B000
18:18:29.0356 4072 \Device\Harddisk1\DR1:
18:18:29.0356 4072 MBR used
18:18:29.0356 4072 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C0681
18:18:29.0621 4072 Initialize success
18:18:29.0621 4072 ============================================================
18:19:14.0809 1696 ============================================================
18:19:14.0809 1696 Scan started
18:19:14.0809 1696 Mode: Manual; SigCheck; TDLFS;
18:19:14.0809 1696 ============================================================
18:19:16.0746 1696 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:19:16.0903 1696 ACPI - ok
18:19:17.0168 1696 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:19:17.0231 1696 adp94xx - ok
18:19:17.0340 1696 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:19:17.0371 1696 adpahci - ok
18:19:17.0387 1696 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:19:17.0403 1696 adpu160m - ok
18:19:17.0434 1696 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:19:17.0449 1696 adpu320 - ok
18:19:17.0574 1696 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:19:17.0653 1696 AFD - ok
18:19:17.0840 1696 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:19:17.0871 1696 agp440 - ok
18:19:17.0949 1696 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:19:17.0981 1696 aic78xx - ok
18:19:18.0074 1696 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:19:18.0090 1696 aliide - ok
18:19:18.0168 1696 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:19:18.0199 1696 amdagp - ok
18:19:18.0246 1696 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:19:18.0262 1696 amdide - ok
18:19:18.0309 1696 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:19:18.0465 1696 AmdK7 - ok
18:19:18.0715 1696 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
18:19:18.0809 1696 AmdK8 - ok
18:19:19.0012 1696 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:19:19.0028 1696 arc - ok
18:19:19.0121 1696 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:19:19.0137 1696 arcsas - ok
18:19:19.0199 1696 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:19.0449 1696 AsyncMac - ok
18:19:19.0621 1696 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
18:19:19.0621 1696 atapi - ok
18:19:19.0778 1696 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:19:19.0793 1696 avgntflt - ok
18:19:19.0856 1696 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:19:19.0887 1696 avipbb - ok
18:19:19.0918 1696 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:19:19.0934 1696 avkmgr - ok
18:19:19.0981 1696 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:19:20.0043 1696 Beep - ok
18:19:20.0137 1696 blbdrive - ok
18:19:20.0231 1696 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:19:20.0278 1696 bowser - ok
18:19:20.0559 1696 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:19:20.0653 1696 BrFiltLo - ok
18:19:20.0887 1696 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:19:20.0934 1696 BrFiltUp - ok
18:19:21.0168 1696 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:19:21.0262 1696 Brserid - ok
18:19:21.0574 1696 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:19:21.0668 1696 BrSerWdm - ok
18:19:21.0949 1696 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:19:22.0012 1696 BrUsbMdm - ok
18:19:22.0246 1696 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:19:22.0324 1696 BrUsbSer - ok
18:19:22.0371 1696 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:19:22.0449 1696 BTHMODEM - ok
18:19:22.0559 1696 catchme - ok
18:19:22.0653 1696 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:19:22.0715 1696 cdfs - ok
18:19:22.0840 1696 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:19:22.0934 1696 cdrom - ok
18:19:23.0074 1696 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:19:23.0184 1696 circlass - ok
18:19:23.0356 1696 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:19:23.0387 1696 CLFS - ok
18:19:23.0637 1696 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:19:23.0653 1696 cmdide - ok
18:19:23.0778 1696 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
18:19:23.0809 1696 Compbatt - ok
18:19:23.0840 1696 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:19:23.0840 1696 crcdisk - ok
18:19:23.0871 1696 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:19:23.0918 1696 Crusoe - ok
18:19:24.0153 1696 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:19:24.0184 1696 DfsC - ok
18:19:24.0481 1696 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:19:24.0512 1696 disk - ok
18:19:24.0965 1696 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:19:25.0028 1696 drmkaud - ok
18:19:25.0387 1696 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:19:25.0606 1696 DXGKrnl - ok
18:19:25.0918 1696 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
18:19:26.0028 1696 e1express - ok
18:19:26.0309 1696 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:19:26.0387 1696 E1G60 - ok
18:19:26.0778 1696 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:19:26.0824 1696 Ecache - ok
18:19:27.0121 1696 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:19:27.0184 1696 elxstor - ok
18:19:27.0481 1696 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:19:27.0590 1696 exfat - ok
18:19:27.0856 1696 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:19:28.0012 1696 fastfat - ok
18:19:28.0324 1696 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:19:28.0403 1696 fdc - ok
18:19:28.0699 1696 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:19:28.0715 1696 FileInfo - ok
18:19:28.0949 1696 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:19:29.0012 1696 Filetrace - ok
18:19:29.0309 1696 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:29.0371 1696 flpydisk - ok
18:19:29.0637 1696 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:19:29.0668 1696 FltMgr - ok
18:19:29.0918 1696 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:19:29.0965 1696 Fs_Rec - ok
18:19:30.0153 1696 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:19:30.0184 1696 gagp30kx - ok
18:19:30.0246 1696 HCW88AUD (ce79da76673df8a01e93b2668e3dbbef) C:\Windows\system32\drivers\hcw88aud.sys
18:19:30.0309 1696 HCW88AUD - ok
18:19:30.0418 1696 HCW88BDA (be6f852fb3a7143bdecc83cac0023920) C:\Windows\system32\drivers\hcw88bda.sys
18:19:30.0496 1696 HCW88BDA - ok
18:19:30.0684 1696 HCW88TSE (9e461f4dba9f1343c4c49a12c035c481) C:\Windows\system32\drivers\hcw88tse.sys
18:19:30.0887 1696 HCW88TSE - ok
18:19:31.0215 1696 HCW88TUNE (d837bfe5f2c70a83ce66530816f96d95) C:\Windows\system32\drivers\hcw88tun.sys
18:19:31.0340 1696 HCW88TUNE - ok
18:19:31.0715 1696 hcw88vid (74aa23064b0bb15eac52a3f7bca8f50c) C:\Windows\system32\drivers\hcw88vid.sys
18:19:31.0793 1696 hcw88vid - ok
18:19:32.0074 1696 HCW88XBAR (b58e76d3113ff7ac102709597bc123c7) C:\Windows\system32\drivers\HCW88BAR.sys
18:19:32.0278 1696 HCW88XBAR - ok
18:19:32.0559 1696 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:19:32.0684 1696 HdAudAddService - ok
18:19:33.0043 1696 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:19:33.0262 1696 HDAudBus - ok
18:19:33.0559 1696 HECI (d0fc694df051bc65946db616f20d1168) C:\Windows\system32\DRIVERS\HECI.sys
18:19:33.0621 1696 HECI - ok
18:19:34.0418 1696 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:19:34.0496 1696 HidBth - ok
18:19:34.0699 1696 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:19:34.0778 1696 HidIr - ok
18:19:35.0028 1696 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:19:35.0106 1696 HidUsb - ok
18:19:35.0324 1696 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:19:35.0340 1696 HpCISSs - ok
18:19:35.0762 1696 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:19:35.0856 1696 HTTP - ok
18:19:36.0184 1696 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:19:36.0215 1696 i2omp - ok
18:19:36.0543 1696 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:19:36.0574 1696 i8042prt - ok
18:19:36.0824 1696 iaStor (de01bf14ffb150c779fd561bd0e3c5c5) C:\Windows\system32\drivers\iastor.sys
18:19:36.0887 1696 iaStor - ok
18:19:37.0184 1696 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:19:37.0215 1696 iaStorV - ok
18:19:37.0465 1696 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:19:37.0481 1696 iirsp - ok
18:19:38.0074 1696 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
18:19:38.0559 1696 IntcAzAudAddService - ok
18:19:38.0840 1696 IntelDH (b7a420e4b137176234272d5ca9d51a49) C:\Windows\system32\Drivers\IntelDH.sys
18:19:38.0887 1696 IntelDH - ok
18:19:39.0293 1696 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
18:19:39.0309 1696 intelide - ok
18:19:39.0559 1696 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:19:39.0590 1696 intelppm - ok
18:19:39.0856 1696 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:39.0903 1696 IpFilterDriver - ok
18:19:40.0137 1696 IpInIp - ok
18:19:40.0496 1696 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:19:40.0559 1696 IPMIDRV - ok
18:19:40.0809 1696 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:19:40.0871 1696 IPNAT - ok
18:19:41.0121 1696 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:19:41.0199 1696 IRENUM - ok
18:19:41.0434 1696 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:19:41.0449 1696 isapnp - ok
18:19:41.0668 1696 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:19:41.0699 1696 iScsiPrt - ok
18:19:41.0949 1696 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:19:41.0965 1696 iteatapi - ok
18:19:42.0074 1696 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:19:42.0090 1696 iteraid - ok
18:19:42.0231 1696 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:19:42.0246 1696 kbdclass - ok
18:19:42.0387 1696 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:19:42.0434 1696 kbdhid - ok
18:19:42.0809 1696 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:19:42.0887 1696 KSecDD - ok
18:19:43.0199 1696 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:19:43.0262 1696 lltdio - ok
18:19:43.0496 1696 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:19:43.0528 1696 LSI_FC - ok
18:19:43.0824 1696 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:19:43.0871 1696 LSI_SAS - ok
18:19:44.0231 1696 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:19:44.0246 1696 LSI_SCSI - ok
18:19:44.0496 1696 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:19:44.0559 1696 luafv - ok
18:19:44.0934 1696 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:19:44.0949 1696 megasas - ok
18:19:45.0324 1696 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:19:45.0387 1696 Modem - ok
18:19:45.0668 1696 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:19:45.0715 1696 monitor - ok
18:19:45.0981 1696 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:19:45.0996 1696 mouclass - ok
18:19:46.0559 1696 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:19:46.0621 1696 mouhid - ok
18:19:46.0887 1696 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:19:46.0918 1696 MountMgr - ok
18:19:47.0215 1696 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:19:47.0231 1696 mpio - ok
18:19:47.0496 1696 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:19:47.0559 1696 mpsdrv - ok
18:19:47.0871 1696 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:19:47.0887 1696 Mraid35x - ok
18:19:48.0168 1696 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:19:48.0262 1696 MRxDAV - ok
18:19:48.0559 1696 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:48.0621 1696 mrxsmb - ok
18:19:48.0809 1696 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:48.0856 1696 mrxsmb10 - ok
18:19:49.0168 1696 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:49.0199 1696 mrxsmb20 - ok
18:19:49.0496 1696 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
18:19:49.0512 1696 msahci - ok
18:19:49.0715 1696 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:19:49.0746 1696 msdsm - ok
18:19:50.0043 1696 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:19:50.0121 1696 Msfs - ok
18:19:50.0418 1696 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:19:50.0449 1696 msisadrv - ok
18:19:50.0699 1696 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:19:50.0762 1696 MSKSSRV - ok
18:19:51.0028 1696 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:51.0059 1696 MSPCLOCK - ok
18:19:51.0278 1696 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:19:51.0340 1696 MSPQM - ok
18:19:51.0637 1696 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:19:51.0699 1696 MsRPC - ok
18:19:51.0903 1696 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:19:51.0934 1696 mssmbios - ok
18:19:52.0168 1696 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:19:52.0246 1696 MSTEE - ok
18:19:52.0543 1696 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:19:52.0574 1696 Mup - ok
18:19:52.0762 1696 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:19:52.0809 1696 NativeWifiP - ok
18:19:52.0965 1696 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:19:53.0059 1696 NDIS - ok
18:19:53.0403 1696 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:53.0449 1696 NdisTapi - ok
18:19:53.0731 1696 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:53.0778 1696 Ndisuio - ok
18:19:54.0074 1696 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:54.0106 1696 NdisWan - ok
18:19:54.0324 1696 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:19:54.0371 1696 NDProxy - ok
18:19:54.0606 1696 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:19:54.0653 1696 NetBIOS - ok
18:19:54.0965 1696 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:19:55.0012 1696 netbt - ok
18:19:55.0293 1696 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:19:55.0324 1696 nfrd960 - ok
18:19:55.0637 1696 nmsgopro (acc8d7fc0da793450f5f257d9ce4ff75) C:\Windows\system32\DRIVERS\nmsgopro.sys
18:19:55.0699 1696 nmsgopro - ok
18:19:55.0918 1696 nmsunidr (64fa28c15dd71a80bef3527e1ef07df6) C:\Windows\system32\DRIVERS\nmsunidr.sys
18:19:55.0981 1696 nmsunidr - ok
18:19:56.0231 1696 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:19:56.0278 1696 Npfs - ok
18:19:56.0528 1696 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:19:56.0606 1696 nsiproxy - ok
18:19:56.0871 1696 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:19:58.0121 1696 Ntfs - ok
18:19:58.0356 1696 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:19:58.0465 1696 ntrigdigi - ok
18:19:58.0699 1696 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:19:58.0762 1696 Null - ok
18:19:59.0043 1696 nvatabus (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
18:19:59.0137 1696 nvatabus - ok
18:20:00.0528 1696 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:20:10.0074 1696 nvlddmkm - ok
18:20:10.0340 1696 nvraid (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
18:20:10.0434 1696 nvraid - ok
18:20:10.0731 1696 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:20:10.0746 1696 nvstor - ok
18:20:11.0121 1696 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:20:11.0153 1696 nv_agp - ok
18:20:11.0403 1696 NwlnkFlt - ok
18:20:11.0574 1696 NwlnkFwd - ok
18:20:11.0887 1696 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:20:11.0903 1696 ohci1394 - ok
18:20:12.0199 1696 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:20:12.0278 1696 Parport - ok
18:20:12.0574 1696 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:20:12.0606 1696 partmgr - ok
18:20:12.0840 1696 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:20:12.0918 1696 Parvdm - ok
18:20:13.0262 1696 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:20:13.0309 1696 pci - ok
18:20:13.0590 1696 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:20:13.0606 1696 pciide - ok
18:20:13.0840 1696 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:20:13.0887 1696 pcmcia - ok
18:20:14.0356 1696 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:20:14.0746 1696 PEAUTH - ok
18:20:15.0012 1696 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:20:15.0090 1696 PptpMiniport - ok
18:20:15.0356 1696 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:20:15.0496 1696 Processor - ok
18:20:15.0731 1696 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:20:15.0778 1696 PSched - ok
18:20:16.0199 1696 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:20:16.0653 1696 ql2300 - ok
18:20:16.0934 1696 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:20:16.0965 1696 ql40xx - ok
18:20:17.0324 1696 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:20:17.0496 1696 QWAVEdrv - ok
18:20:17.0684 1696 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:20:17.0746 1696 RasAcd - ok
18:20:17.0949 1696 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:20:18.0028 1696 Rasl2tp - ok
18:20:18.0418 1696 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:20:18.0481 1696 RasPppoe - ok
18:20:18.0684 1696 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:20:18.0731 1696 RasSstp - ok
18:20:18.0981 1696 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:20:19.0090 1696 rdbss - ok
18:20:19.0371 1696 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:20:19.0418 1696 RDPCDD - ok
18:20:19.0684 1696 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:20:19.0793 1696 rdpdr - ok
18:20:19.0996 1696 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:20:20.0074 1696 RDPENCDD - ok
18:20:20.0418 1696 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:20:20.0512 1696 RDPWD - ok
18:20:20.0793 1696 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:20:20.0856 1696 rspndr - ok
18:20:21.0121 1696 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:20:21.0137 1696 sbp2port - ok
18:20:21.0293 1696 SDDMI2 - ok
18:20:21.0496 1696 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:20:21.0543 1696 secdrv - ok
18:20:21.0778 1696 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:20:21.0840 1696 Serenum - ok
18:20:21.0981 1696 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:20:22.0074 1696 Serial - ok
18:20:22.0324 1696 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:20:22.0387 1696 sermouse - ok
18:20:22.0684 1696 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:20:22.0762 1696 sffdisk - ok
18:20:23.0059 1696 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:20:23.0121 1696 sffp_mmc - ok
18:20:23.0465 1696 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:20:23.0543 1696 sffp_sd - ok
18:20:23.0934 1696 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:20:24.0028 1696 sfloppy - ok
18:20:24.0387 1696 SIS163u (15e6a5a0650b500f63f33c5c0fd021ed) C:\Windows\system32\DRIVERS\sis163u.sys
18:20:24.0543 1696 SIS163u - ok
18:20:24.0871 1696 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:20:24.0871 1696 sisagp - ok
18:20:25.0074 1696 SiSRaid2 (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
18:20:25.0168 1696 SiSRaid2 - ok
18:20:25.0418 1696 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:20:25.0434 1696 SiSRaid4 - ok
18:20:25.0668 1696 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:20:25.0731 1696 Smb - ok
18:20:25.0996 1696 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:20:26.0028 1696 spldr - ok
18:20:26.0278 1696 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:20:26.0449 1696 srv - ok
18:20:26.0699 1696 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:20:26.0793 1696 srv2 - ok
18:20:27.0059 1696 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:20:27.0121 1696 srvnet - ok
18:20:27.0371 1696 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:20:27.0403 1696 ssmdrv - ok
18:20:27.0668 1696 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:20:27.0684 1696 swenum - ok
18:20:27.0934 1696 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:20:27.0965 1696 Symc8xx - ok
18:20:28.0246 1696 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:20:28.0278 1696 Sym_hi - ok
18:20:28.0653 1696 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:20:28.0668 1696 Sym_u3 - ok
18:20:29.0090 1696 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:20:29.0449 1696 Tcpip - ok
18:20:29.0824 1696 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:20:30.0059 1696 Tcpip6 - ok
18:20:30.0262 1696 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:20:30.0340 1696 tcpipreg - ok
18:20:30.0715 1696 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:20:30.0762 1696 TDPIPE - ok
18:20:31.0059 1696 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:20:31.0106 1696 TDTCP - ok
18:20:31.0324 1696 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:20:31.0371 1696 tdx - ok
18:20:31.0590 1696 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:20:31.0606 1696 TermDD - ok
18:20:31.0809 1696 TSHWMDTCP (3f6dc449398b21c213dcdd18f460df72) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
18:20:31.0840 1696 TSHWMDTCP - ok
18:20:32.0074 1696 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:20:32.0121 1696 tssecsrv - ok
18:20:32.0371 1696 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:20:32.0434 1696 tunmp - ok
18:20:32.0637 1696 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:20:32.0653 1696 tunnel - ok
18:20:32.0918 1696 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:20:32.0949 1696 uagp35 - ok
18:20:33.0184 1696 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:20:33.0215 1696 udfs - ok
18:20:33.0496 1696 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:20:33.0528 1696 uliagpkx - ok
18:20:33.0778 1696 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:20:33.0887 1696 uliahci - ok
18:20:34.0137 1696 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:20:34.0168 1696 UlSata - ok
18:20:34.0324 1696 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:20:34.0356 1696 ulsata2 - ok
18:20:34.0559 1696 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:20:34.0590 1696 umbus - ok
18:20:34.0856 1696 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:20:34.0934 1696 usbccgp - ok
18:20:35.0153 1696 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:20:35.0231 1696 usbcir - ok
18:20:35.0512 1696 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:20:35.0559 1696 usbehci - ok
18:20:35.0887 1696 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:20:35.0949 1696 usbhub - ok
18:20:36.0278 1696 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:20:36.0340 1696 usbohci - ok
18:20:36.0543 1696 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:20:36.0606 1696 usbprint - ok
18:20:36.0809 1696 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:20:36.0856 1696 usbscan - ok
18:20:37.0090 1696 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:20:37.0137 1696 USBSTOR - ok
18:20:37.0387 1696 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:20:37.0434 1696 usbuhci - ok
18:20:37.0699 1696 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:20:37.0746 1696 vga - ok
18:20:37.0949 1696 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:20:38.0012 1696 VgaSave - ok
18:20:38.0246 1696 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:20:38.0278 1696 viaagp - ok
18:20:38.0606 1696 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:20:38.0668 1696 ViaC7 - ok
18:20:38.0856 1696 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:20:38.0887 1696 viaide - ok
18:20:39.0168 1696 viamraid (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
18:20:39.0231 1696 viamraid - ok
18:20:39.0403 1696 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:20:39.0418 1696 volmgr - ok
18:20:39.0559 1696 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:20:39.0637 1696 volmgrx - ok
18:20:39.0934 1696 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:20:40.0012 1696 volsnap - ok
18:20:40.0246 1696 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:20:40.0278 1696 vsmraid - ok
18:20:40.0574 1696 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:20:40.0653 1696 WacomPen - ok
18:20:40.0840 1696 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:20:40.0903 1696 Wanarp - ok
18:20:40.0934 1696 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:20:40.0965 1696 Wanarpv6 - ok
18:20:41.0199 1696 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:20:41.0231 1696 Wd - ok
18:20:41.0434 1696 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:20:41.0481 1696 Wdf01000 - ok
18:20:41.0653 1696 WINUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
18:20:41.0699 1696 WINUSB - ok
18:20:41.0824 1696 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:20:41.0887 1696 WmiAcpi - ok
18:20:42.0028 1696 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:20:42.0090 1696 ws2ifsl - ok
18:20:42.0168 1696 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:20:42.0231 1696 WUDFRd - ok
18:20:42.0278 1696 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:20:42.0621 1696 \Device\Harddisk0\DR0 - ok
18:20:42.0621 1696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:20:42.0715 1696 \Device\Harddisk1\DR1 - ok
18:20:42.0731 1696 Boot (0x1200) (7fbfb6e7b42af3e93e11b557a6146ae1) \Device\Harddisk0\DR0\Partition0
18:20:42.0746 1696 \Device\Harddisk0\DR0\Partition0 - ok
18:20:42.0778 1696 Boot (0x1200) (86111b3cb728f0ff3896f642ba1e435f) \Device\Harddisk0\DR0\Partition1
18:20:42.0778 1696 \Device\Harddisk0\DR0\Partition1 - ok
18:20:42.0824 1696 Boot (0x1200) (47331210fef75a57da1c73c2f704773d) \Device\Harddisk0\DR0\Partition2
18:20:42.0856 1696 \Device\Harddisk0\DR0\Partition2 - ok
18:20:42.0887 1696 Boot (0x1200) (fdfda4625916bb679df55670f02f5531) \Device\Harddisk0\DR0\Partition3
18:20:42.0934 1696 \Device\Harddisk0\DR0\Partition3 - ok
18:20:42.0949 1696 Boot (0x1200) (9f9a4b8362752f2821404c963f3da6f9) \Device\Harddisk1\DR1\Partition0
18:20:42.0949 1696 \Device\Harddisk1\DR1\Partition0 - ok
18:20:42.0949 1696 ============================================================
18:20:42.0949 1696 Scan finished
18:20:42.0949 1696 ============================================================
18:20:42.0965 2012 Detected object count: 0
18:20:42.0965 2012 Actual detected object count: 0
Bin bereit für weitere Anweisungen. Grüße Petain |
|
10.03.2012, 16:13
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Neue Funde von Avira Antivir! Was nun? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.03.2012, 22:07
| #23 |
| | Neue Funde von Avira Antivir! Was nun? Hallo Arne, hier das Logfile: Code:
ATTFilter ComboFix 12-03-10.02 - A**** 10.03.2012 20:48:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2030.1333 [GMT 1:00]
ausgeführt von:: c:\users\A****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-10 bis 2012-03-10 ))))))))))))))))))))))))))))))
.
.
2012-03-10 19:56 . 2012-03-10 19:56 -------- d-----w- c:\users\A****\AppData\Local\temp
2012-03-10 19:56 . 2012-03-10 19:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-10 19:56 . 2012-03-10 19:56 -------- d-----w- c:\users\M******\AppData\Local\temp
2012-03-09 17:27 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12334398-DF59-4CC9-92BC-7C99261F7572}\mpengine.dll
2012-03-07 13:22 . 2012-03-07 13:22 -------- d-----w- c:\program files\ESET
2012-02-24 20:24 . 2012-02-24 20:24 -------- d-----w- c:\users\A****\AppData\Roaming\SUPERAntiSpyware.com
2012-02-24 20:23 . 2012-02-24 20:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-24 17:51 . 2012-02-24 17:51 -------- d-----w- c:\users\G***\AppData\Roaming\Malwarebytes
2012-02-19 17:58 . 2012-02-19 17:58 -------- d-----w- C:\_OTL
2012-02-15 13:46 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:46 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:46 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-12 15:10 . 2012-02-12 15:10 -------- d-----w- c:\users\M******\AppData\Roaming\Malwarebytes
2012-02-12 15:08 . 2012-02-12 15:08 -------- d-----w- c:\users\A****\AppData\Roaming\Malwarebytes
2012-02-12 15:07 . 2012-02-12 15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-12 15:07 . 2012-02-12 15:07 -------- d-----w- c:\programdata\Malwarebytes
2012-02-12 15:07 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 18:37 . 2011-05-30 19:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-04 17:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 18:12 . 2011-12-10 12:41 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-24 08:00 . 2011-08-20 20:03 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-08-20 273528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-22 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\G***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DOGS DIARY.lnk - c:\program files\DOGS DIARY\DOGS DIARY.exe [2010-9-14 142336]
.
c:\users\M******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DOGS DIARY.lnk - c:\program files\DOGS DIARY\DOGS DIARY.exe [2010-9-14 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2889648171-373102870-1120645299-1001.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\A****\AppData\Roaming\Mozilla\Firefox\Profiles\gl6jq6a3.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-10 20:56
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-10 20:59:12
ComboFix-quarantined-files.txt 2012-03-10 19:59
ComboFix2.txt 2012-02-23 15:22
.
Vor Suchlauf: 21 Verzeichnis(se), 91.357.532.160 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 91.339.673.600 Bytes frei
.
- - End Of File - - 6DA05FFBB83E9967484D811F44285288
Bin bereit für weitere Anweisungen. Viele Grüße Petain |
|
12.03.2012, 14:27
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Neue Funde von Avira Antivir! Was nun? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.03.2012, 22:27
| #25 | |
| | Neue Funde von Avira Antivir! Was nun? Hallo Arne! Was ich mich schon lange Frage: Ist es eigentlich bei den Scans entscheidend, von welchem Account aus ich die ganzen Prüfungen anstarte? Ich führe alle Scans vom Administrator-Account aus durch. Es gibt aber noch 3 weitere Accounts auf meinem Rechner. Hier nun die Logs: 1. GMER Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-12 21:38:48
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332082 rev.3.AA
Running: z62jjrh8.exe; Driver: C:\Users\A****\AppData\Local\Temp\uxldqpow.sys
---- System - GMER 1.0.15 ----
SSDT 8A9F8B16 ZwCreateSection
SSDT 8A9F8B20 ZwRequestWaitReplyPort
SSDT 8A9F8B1B ZwSetContextThread
SSDT 8A9F8B25 ZwSetSecurityObject
SSDT 8A9F8B2A ZwSystemDebugControl
SSDT 8A9F8AB7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822B4998 4 Bytes [16, 8B, 9F, 8A]
.text ntkrnlpa.exe!KeSetEvent + 539 822B4CBC 4 Bytes [20, 8B, 9F, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 822B4CF0 4 Bytes [1B, 8B, 9F, 8A]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822B4D54 4 Bytes [25, 8B, 9F, 8A]
.text ntkrnlpa.exe!KeSetEvent + 619 822B4D9C 4 Bytes [2A, 8B, 9F, 8A]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3244] kernel32.dll!SetUnhandledExceptionFilter 75DDA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7463A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74618395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7466CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7460C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
2. OSAM Code:
ATTFilter eport of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:53:38 on 12.03.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Opera Software Opera Internet Browser 11.61 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "RealUpgradeScheduledTaskS-1-5-21-2889648171-373102870-1120645299-1001.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "odbccp32.cpl" - "Microsoft Corporation" - C:\Windows\system32\odbccp32.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\A****\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "SDDMI2" (SDDMI2) - ? - C:\Windows\system32\DDMI2.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TSHWMDTCP" (TSHWMDTCP) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys (File found, but it contains no detailed information) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {4EB37360-49E8-11D3-95B5-004033382980} "ALZip 5.0 Context Menu Shell Extension" - "ESTsoft" - C:\PROGRA~1\ESTsoft\ALZip\AZCTM.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Binder Unbind" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\1031\UNBIND.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - C:\Program Files\Nikon\NkView6\NkvDropExt.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\A****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot "Windows Mobile-based device management" - "Microsoft Corporation" - %windir%\WindowsMobile\wmdc.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDF995 Monitor" - ? - C:\Windows\system32\pdf995mon.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe "Intel DH Service" (IntelDHSvcConf) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe "Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe "Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe "Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe "Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe "Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Zitat:
3. aswMBR Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 22:08:42
-----------------------------
22:08:42.995 OS Version: Windows 6.0.6002 Service Pack 2
22:08:42.995 Number of processors: 2 586 0xF02
22:08:42.995 ComputerName: G***** UserName: A****
22:08:43.651 Initialize success
22:11:36.668 AVAST engine defs: 12031200
22:12:08.699 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:12:08.699 Disk 0 Vendor: ST332082 3.AA Size: 305244MB BusType: 3
22:12:08.730 Disk 0 MBR read successfully
22:12:08.730 Disk 0 MBR scan
22:12:08.761 Disk 0 Windows VISTA default MBR code
22:12:08.777 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
22:12:08.793 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 153600 MB offset 24578048
22:12:08.793 Disk 0 Partition - 00 0F Extended LBA 79077 MB offset 339150848
22:12:08.824 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60566 MB offset 501100544
22:12:08.839 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 60569 MB offset 339152896
22:12:08.855 Disk 0 Partition - 00 05 Extended 18507 MB offset 463198208
22:12:08.886 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 18506 MB offset 463200256
22:12:08.918 Disk 0 scanning sectors +625139712
22:12:08.980 Disk 0 scanning C:\Windows\system32\drivers
22:12:17.433 Service scanning
22:12:37.793 Modules scanning
22:12:42.589 Disk 0 trace - called modules:
22:12:42.621 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:12:42.621 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c88a70]
22:12:42.636 3 CLASSPNP.SYS[8839d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x851cc030]
22:12:43.183 AVAST engine scan C:\Windows
22:12:47.152 AVAST engine scan C:\Windows\system32
22:15:49.543 AVAST engine scan C:\Windows\system32\drivers
22:16:01.464 AVAST engine scan C:\Users\A****
22:16:41.136 AVAST engine scan C:\ProgramData
22:18:30.543 Scan finished successfully
22:18:52.261 Disk 0 MBR has been saved successfully to "C:\Users\A****\Desktop\TB-Files\MBR.dat"
22:18:52.277 The log file has been saved successfully to "C:\Users\A****\Desktop\TB-Files\aswMBR.txt"
Petain |
|
12.03.2012, 22:36
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Neue Funde von Avira Antivir! Was nun? Solange du Adminrechte hast ist das egal von welchem Konto aus. catchme ist ein rootkitscanner, der von CF benutzt wird => catchme Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.03.2012, 07:31
| #27 | |
| | Neue Funde von Avira Antivir! Was nun? Hallo Arne! Nachfolgend die beiden Logs: 1. Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.12.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 A**** :: G***** [Administrator] 12.03.2012 22:50:14 mbam-log-2012-03-12 (22-50-14).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 800072 Laufzeit: 2 Stunde(n), 12 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/14/2012 at 07:51 AM
Application Version : 5.0.1146
Core Rules Database Version : 8333
Trace Rules Database Version: 6145
Scan type : Complete Scan
Total Scan Time : 03:52:03
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 633
Memory threats detected : 0
Registry items scanned : 37006
Registry threats detected : 0
File items scanned : 388390
File threats detected : 446
Adware.Tracking Cookie
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\PK3DR3QO.txt [ /atdmt.com ]
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\RS5AAI3J.txt [ /doubleclick.net ]
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\VSCQBZHW.txt [ /serving-sys.com ]
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\2RC3WDOT.txt [ /smartadserver.com ]
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\7WJI6NUM.txt [ /mediaplex.com ]
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\V0LMOJRO.txt [ /bs.serving-sys.com ]
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\1IH9YKA8.txt [ /apmebf.com ]
C:\Users\A****\AppData\Roaming\Microsoft\Windows\Cookies\SVR2U3O7.txt [ /c.atdmt.com ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\65VP6M94.txt [ Cookie:A****@adfarm1.adition.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\DRM49NRR.txt [ Cookie:A****@adform.net/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\HN8MNJ5H.txt [ Cookie:A****@ad.zanox.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\RM29MBJ2.txt [ Cookie:A****@zanox.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\NNVRPJBO.txt [ Cookie:A****@tracking.quisma.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\1RYF00WD.txt [ Cookie:A****@doubleclick.net/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\RT4B6USP.txt [ Cookie:A****@fr.sitestat.com/eurosport/yahoode/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\O11TFP63.txt [ Cookie:A****@invitemedia.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z5WF1AOD.txt [ Cookie:A****@serving-sys.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\LU5PNBWE.txt [ Cookie:A****@mediaplex.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\F7RM4ZIY.txt [ Cookie:A****@track.adform.net/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\4S050V7J.txt [ Cookie:A****@ad2.adfarm1.adition.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\KXEEMU68.txt [ Cookie:A****@bs.serving-sys.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\AH5KDB11.txt [ Cookie:A****@c.atdmt.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\49CDWEDH.txt [ Cookie:A****@ad.yieldmanager.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLY0FS6L.txt [ Cookie:A****@apmebf.com/ ]
C:\USERS\A****\AppData\Roaming\Microsoft\Windows\Cookies\Low\31ZZWDEV.txt [ Cookie:A****@fr.sitestat.com/eurosport/ ]
C:\USERS\A****\Cookies\RS5AAI3J.txt [ Cookie:A****@doubleclick.net/ ]
C:\USERS\A****\Cookies\VSCQBZHW.txt [ Cookie:A****@serving-sys.com/ ]
C:\USERS\A****\Cookies\2RC3WDOT.txt [ Cookie:A****@smartadserver.com/ ]
C:\USERS\A****\Cookies\7WJI6NUM.txt [ Cookie:A****@mediaplex.com/ ]
C:\USERS\A****\Cookies\V0LMOJRO.txt [ Cookie:A****@bs.serving-sys.com/ ]
C:\USERS\A****\Cookies\1IH9YKA8.txt [ Cookie:A****@apmebf.com/ ]
C:\USERS\A****\Cookies\SVR2U3O7.txt [ Cookie:A****@c.atdmt.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\C7640UX6.txt [ Cookie:B******@mediaplex.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\DCMZQ1N2.txt [ Cookie:B******@tracking.quisma.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\11P5SURN.txt [ Cookie:B******@imrworldwide.com/cgi-bin ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\AT3BJYDE.txt [ Cookie:B******@im.banner.t-online.de/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\MD7I2Z3I.txt [ Cookie:B******@ad1.adfarm1.adition.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\1H5CFNWH.txt [ Cookie:B******@xiti.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\EA4MHYPT.txt [ Cookie:B******@atdmt.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\M1FMCV1G.txt [ Cookie:B******@stat.aldi.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\MKXQDXW2.txt [ Cookie:B******@revsci.net/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\WW3EP2XN.txt [ Cookie:B******@zanox.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\0IZ9YFZF.txt [ Cookie:B******@tracking.tchibo.de/683553670525906/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\CXMA2XBI.txt [ Cookie:B******@www.googleadservices.com/pagead/conversion/1071562228/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\949C3Z2P.txt [ Cookie:B******@dyntracker.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\3LQ9HXC0.txt [ Cookie:B******@webmasterplan.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\GO69H05R.txt [ Cookie:B******@doubleclick.net/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\MX66F6D8.txt [ Cookie:B******@ad4.adfarm1.adition.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\OECM1II3.txt [ Cookie:B******@richmedia.yahoo.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\6CGN7O17.txt [ Cookie:B******@ad2.adfarm1.adition.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\L1I5D2D4.txt [ Cookie:B******@fastclick.net/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\PURYOPKL.txt [ Cookie:B******@www.googleadservices.com/pagead/conversion/1055529609/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\YH1EEGJL.txt [ Cookie:B******@manpower.122.2o7.net/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZMEFO148.txt [ Cookie:B******@stat.aldi.com/dcsfq2jxwixy5f1mioa8p9lnl_5x1d ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\FTBGDNKV.txt [ Cookie:B******@de.sitestat.com/otto-de/ogr/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\EE2W4JE4.txt [ Cookie:B******@apmebf.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\68B1TO2I.txt [ Cookie:B******@adfarm1.adition.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\XZV8HFYP.txt [ Cookie:B******@ad3.adfarm1.adition.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\S6180CFC.txt [ Cookie:B******@serving-sys.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\GSHMB7RW.txt [ Cookie:B******@adserver.mvg-werbung.de/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\109A0PX7.txt [ Cookie:B******@www.googleadservices.com/pagead/conversion/1069798863/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\4N7T2H3A.txt [ Cookie:B******@www.googleadservices.com/pagead/conversion/1036174608/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\3DIDOCJS.txt [ Cookie:B******@amazon-adsystem.com/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\5B0Y7GD4.txt [ Cookie:B******@yieldmanager.net/ ]
C:\USERS\B******\AppData\Roaming\Microsoft\Windows\Cookies\Low\NZQRQY8U.txt [ Cookie:B******@www.zanox-affiliate.de/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\17L1Z2CV.txt [ Cookie:G***@ad.dyntracker.de/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\2PTW9ADB.txt [ Cookie:G***@dyntracker.com/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\432JIDPX.txt [ Cookie:G***@smartadserver.com/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\Y7K780GS.txt [ Cookie:G***@apmebf.com/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\JFFJHISV.txt [ Cookie:G***@mediaplex.com/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\DW54P2F5.txt [ Cookie:G***@zanox-affiliate.de/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\Low\1CWIJAHT.txt [ Cookie:G***@c.atdmt.com/ ]
C:\USERS\G***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z3UT5K90.txt [ Cookie:G***@msnportal.112.2o7.net/ ]
C:\USERS\G***\Cookies\17L1Z2CV.txt [ Cookie:G***@ad.dyntracker.de/ ]
C:\USERS\G***\Cookies\2PTW9ADB.txt [ Cookie:G***@dyntracker.com/ ]
C:\USERS\G***\Cookies\432JIDPX.txt [ Cookie:G***@smartadserver.com/ ]
C:\USERS\G***\Cookies\Y7K780GS.txt [ Cookie:G***@apmebf.com/ ]
C:\USERS\G***\Cookies\JFFJHISV.txt [ Cookie:G***@mediaplex.com/ ]
C:\USERS\G***\Cookies\DW54P2F5.txt [ Cookie:G***@zanox-affiliate.de/ ]
C:\USERS\M******\AppData\Roaming\Microsoft\Windows\Cookies\3DODGBR8.txt [ Cookie:M******@statse.webtrendslive.com/ ]
C:\USERS\M******\AppData\Roaming\Microsoft\Windows\Cookies\YSZZN6HU.txt [ Cookie:M******@mediaplex.com/ ]
C:\USERS\M******\AppData\Roaming\Microsoft\Windows\Cookies\GM4QHZT3.txt [ Cookie:M******@ad.zanox.com/ ]
C:\USERS\M******\AppData\Roaming\Microsoft\Windows\Cookies\AA2C3OJH.txt [ Cookie:M******@tracking.mlsat02.de/tmobile/rechnung_online/ ]
C:\USERS\M******\AppData\Roaming\Microsoft\Windows\Cookies\X76TX1O0.txt [ Cookie:M******@zanox.com/ ]
C:\USERS\M******\AppData\Roaming\Microsoft\Windows\Cookies\LJED2DXH.txt [ Cookie:M******@smartadserver.com/ ]
C:\USERS\M******\AppData\Roaming\Microsoft\Windows\Cookies\QFX0UFM1.txt [ Cookie:M******@apmebf.com/ ]
C:\USERS\M******\Cookies\3DODGBR8.txt [ Cookie:M******@statse.webtrendslive.com/ ]
C:\USERS\M******\Cookies\YSZZN6HU.txt [ Cookie:M******@mediaplex.com/ ]
C:\USERS\M******\Cookies\GM4QHZT3.txt [ Cookie:M******@ad.zanox.com/ ]
C:\USERS\M******\Cookies\AA2C3OJH.txt [ Cookie:M******@tracking.mlsat02.de/tmobile/rechnung_online/ ]
C:\USERS\M******\Cookies\X76TX1O0.txt [ Cookie:M******@zanox.com/ ]
C:\USERS\M******\Cookies\LJED2DXH.txt [ Cookie:M******@smartadserver.com/ ]
C:\USERS\M******\Cookies\QFX0UFM1.txt [ Cookie:M******@apmebf.com/ ]
.doubleclick.net [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\A****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GL6JQ6A3.DEFAULT\COOKIES.SQLITE ]
media.filb.de [ C:\USERS\G***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JTHUW4AD ]
.doubleclick.net [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\G***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G3OW5HJS.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
www.active-tracking.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
www.etracker.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
media.jobware.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.iframe.mediaplazza.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.iframe.mediaplazza.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.iframe.mediaplazza.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
adserver2.clipkit.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
eas4.emediate.eu [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tvtv.122.2o7.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.olympiaverlag.122.2o7.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
adverts.creativemark.co.uk [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.tweetminster.co.uk [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.tweetminster.co.uk [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.tweetminster.co.uk [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.ad.adnet.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.e-2dj6wgkikoczkko.stats.esomniture.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.e-2dj6wjlokic5ebp.stats.esomniture.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
adx2.chip.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.w3counter.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adlegend.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adlegend.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.e-2dj6wjlyqhcjwlo.stats.esomniture.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.estat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.estat.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
www.zanox-affiliate.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.dyntracker.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.adserver01.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.unitymedia.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.zanox-affiliate.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adform.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\M******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2Z7L2TQO.MG\COOKIES.SQLITE ]
Heur.Agent/Gen-WhiteBox
ZIP ARCHIVE( F:\DATENSICHERUNG_20111006\K_20111006\SHARED\NIKON\FFUNLOCK.ZIP )/FFUNLOCK.EXE
F:\DATENSICHERUNG_20111006\K_20111006\SHARED\NIKON\FFUNLOCK.ZIP
Zitat:
Weitere Schritte? 1. Die Cookies würde ich wieder löschen? 2. Von 6 FFUNLOCK-Dateien (jeweils in einer Zip-Datei und außerhalb der Zip-Datei - jeweils auf meiner normalen Festplatte und in 2 Datensicherungen) hat SUPERAntiSpyware nur zwei gefunden. Interessanterweise unterscheiden sich die gefundenen Dateien von den anderen in der Änderungs-Uhrzeit im WindowsExplorer. Eigentlich sollten es alles exakte Kopien (weil 1:1 Datensicherungen) sein. Kann hier ein Virus etwas verändert haben? Ich würde die bemängelten Dateien auch löschen. Bist Du damit einverstanden??? Hast Du einen alternativen Programmvorschlag zum Beenden von laufenden Prozessen (aus einer sicheren bzw. sauberen Quelle)? Dann würde ich dieses FFUNLOCK komplett löschen. Viele Grüße Petain |
|
15.03.2012, 22:11
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Neue Funde von Avira Antivir! Was nun? Sieht ok aus, da wurden nur Cookies gefunden. Das andere sind eher Fehlalarme. Aber wenn du es eh nicht mehr brauchst kannst es ja löschen. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.03.2012, 23:50
| #29 |
| | Neue Funde von Avira Antivir! Was nun? Hallo Arne! Ich hatte meinen Rechner zwischendurch ausgeschaltet. Daher lasse ich SUPERAntiSpyware jetzt mal nochmals laufen und werde dann die Cookies und die besagten FFUNLOCK-Dateien löschen lassen. Weitere Probleme und Funde habe ich eigentlich nicht. Aber kann es sein, dass die Diagnoseprogramme einige Ordner sichtbar gemacht haben, welche ich bisher nicht wahrgenommen hatte? Beispiel: C:/Boot Auf meiner externen Festplatte sind jetzt auch zwei leere Verzeichnisse mit Erstellungsdatum 19.05.2005 und 20.10.2005 sichtbar: "_Restore" und "Recycled". Kann sein, dass ich die Festplatte 2005 gekauft habe. Werden diese Ordner nach der Deinstallation der Diagnoseprogramme wieder unsichtbar? Kann ich "_Restore" und "Recycled" bedenkenlos löschen oder werden diese für irgendwas benötigt? In den Eigenschaften stand "Schreibgeschützt". Grüße Petain |
|
16.03.2012, 17:20
| #30 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Neue Funde von Avira Antivir! Was nun? Die Objekte werden einfach nur nich angezeigt in der Standardansicht. Einfach andersrum vorgehen wie hier beschrieben http://www.trojaner-board.de/59624-a...-sichtbar.html Zitat:
Ich weiß auch nicht warum solche Objekte nerven Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Adobe - Andere Version des Adobe Flash Player installieren Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Neue Funde von Avira Antivir! Was nun? |
| .dll, administrator, antivir, autostart, avg, avira, csrss.exe, dateisystem, desktop, explorer.exe, free, heuristiks/extra, heuristiks/shuriken, lsass.exe, malwarebytes, mdm.exe, modul, namen, neue, nt.dll, programm, prozesse, registry, service.exe, services.exe, spoolsv.exe, svchost.exe, verweise, windows, winlogon.exe |
Linear-Darstellung
