
Log analysis and evaluation: Malwarebytes finds Trojan.XBuild402

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

18.10.2012, 07:48   #31
chrissie65
Banned

Malwarebytes finds Trojan.XBuild402



Here is the log from Osam.
I had let Gmer run for almost a week, and last night my PC restarted, so everything was probably lost. But I'll run a new scan and post it then, because in my opinion it did find something; at any rate, I saw some list of attached files...
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 08:37:00 on 18.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001Core.job" - "Google Inc." - C:\Users\DREAM\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3313979477-441340846-3546100501-1001UA.job" - "Google Inc." - C:\Users\DREAM\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Norton Security Scan for DREAM.job" - "Symantec Corporation" - C:\PROGRA~1\NORTON~2\Engine\351~1.8\Nss.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\DREAM\AppData\Local\Temp\catchme.sys  (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"fwdoapow" (fwdoapow) - ? - C:\Users\DREAM\AppData\Local\Temp\fwdoapow.sys  (Hidden registry entry, rootkit activity | File not found)
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121017.001\IDSvix86.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121017.019\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121017.019\NAVEX15.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS
"Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1308000.00E\SYMNETS.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
UltraCompare shell extension "{D3822C3D-45A0-44E9-91CA-019F9565D282}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{9A08E2D2-F749-401A-918D-D033C0BEB4F1} "ContextMenuHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{119310E6-5FB7-4EEB-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP ShellIconOverlayHandler" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_287.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "Contribute Toolbar" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{DA5BCE70-D057-4D63-943D-5F3927EC59F1} "SSOIEAddonBHO Class" - "Sensible Vision " - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Sensible Vision " - C:\Windows\system32\FAPassSync.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Mikogo" - ? - "C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
"FATrayAlert" - "Sensible Vision " - C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1und1 Fax Monitor" - "1&1 Internet AG" - C:\Windows\system32\UI1&1MON.DLL
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
"doPDF 7 Monitor" - "Softland" - C:\Windows\system32\dopdfmn7.dll
"GEngine Port Monitor" - ? - C:\Windows\system32\gengpmon.dll  (File found, but it contains no detailed information)
"VSP1:" - ? - C:\Windows\system32\vsmon1.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"DAZ Content Management Service" (DAZContentManagementService) - ? - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe  (File found, but it contains no detailed information)
"FAService" (FAService) - "Sensible Vision " - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"M4-Service" (M4-Service) - ? - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe  (File found, but it contains no detailed information)
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"mysql" (mysql) - ? - c:\xampp\mysql\bin\mysqld.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP ShellIconOverlayHandler" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_287.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
<binary data> "Contribute Toolbar" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{DA5BCE70-D057-4D63-943D-5F3927EC59F1} "SSOIEAddonBHO Class" - "Sensible Vision " - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "Sensible Vision " - C:\Windows\system32\FAPassSync.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\DREAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Mikogo" - ? - "C:\Users\DREAM\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Eraser" - "The Eraser Project" - "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
"FATrayAlert" - "Sensible Vision " - C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1und1 Fax Monitor" - "1&1 Internet AG" - C:\Windows\system32\UI1&1MON.DLL
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll
"doPDF 7 Monitor" - "Softland" - C:\Windows\system32\dopdfmn7.dll
"GEngine Port Monitor" - ? - C:\Windows\system32\gengpmon.dll  (File found, but it contains no detailed information)
"VSP1:" - ? - C:\Windows\system32\vsmon1.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"DAZ Content Management Service" (DAZContentManagementService) - ? - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe  (File found, but it contains no detailed information)
"FAService" (FAService) - "Sensible Vision " - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"M4-Service" (M4-Service) - ? - C:\Users\DREAM\AppData\Roaming\Mikogo 4\M4-Service.exe  (File found, but it contains no detailed information)
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"mysql" (mysql) - ? - c:\xampp\mysql\bin\mysqld.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

18.10.2012, 10:21   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, what about aswMBR?

19.10.2012, 07:55   #33
chrissie65
Banned

Hello Cosinus, for now here is the preliminary GMER log, but it has not finished scanning yet. Should we let it run to the end? It will surely take another day or longer...

Quote:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-19 07:58:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST310005 rev.CC44
Running: 2hzs5qhe.exe; Driver: C:\Users\DREAM\AppData\Local\Temp\fwdoapow.sys


---- System - GMER 1.0.15 ----

SSDT 88F3E398 ZwAlertResumeThread
SSDT 88F3E478 ZwAlertThread
SSDT 88F3EDF0 ZwAllocateVirtualMemory
SSDT 88789688 ZwAlpcConnectPort
SSDT 88F3FAC0 ZwAssignProcessToJobObject
SSDT 88F3E0E8 ZwCreateMutant
SSDT 88F3F7E0 ZwCreateSymbolicLinkObject
SSDT 88F3D708 ZwCreateThread
SSDT 88F3F8D0 ZwCreateThreadEx
SSDT 88F3FBA0 ZwDebugActiveProcess
SSDT 88F3EFC0 ZwDuplicateObject
SSDT 88F3EBA8 ZwFreeVirtualMemory
SSDT 88F3E1D8 ZwImpersonateAnonymousToken
SSDT 88F3E2B8 ZwImpersonateThread
SSDT 88788C58 ZwLoadDriver
SSDT 88F3EAA8 ZwMapViewOfSection
SSDT 88F3E048 ZwOpenEvent
SSDT 88F3D5B0 ZwOpenProcess
SSDT 88F3EEE0 ZwOpenProcessToken
SSDT 88F3FE48 ZwOpenSection
SSDT 88F3D4C0 ZwOpenThread
SSDT 88F3F9D0 ZwProtectVirtualMemory
SSDT 88F3E558 ZwResumeThread
SSDT 88F3E7F8 ZwSetContextThread
SSDT 88F3E8D8 ZwSetInformationProcess
SSDT 88F3FD00 ZwSetSystemInformation
SSDT 88F3FF28 ZwSuspendProcess
SSDT 88F3E638 ZwSuspendThread
SSDT 88F3D808 ZwTerminateProcess
SSDT 88F3E718 ZwTerminateThread
SSDT 88F3E9C8 ZwUnmapViewOfSection
SSDT 88F3EC98 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4EA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C884D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82C8F510 8 Bytes [98, E3, F3, 88, 78, E4, F3, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C8F528 4 Bytes [F0, ED, F3, 88]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C8F534 4 Bytes [88, 96, 78, 88]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C8F588 4 Bytes [C0, FA, F3, 88]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C8F604 4 Bytes CALL CC51E9E9
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x99838000, 0x2FBAB4, 0xE8000020]
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA058269D]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] ntdll.dll!NtSetInformationProcess 77926678 5 Bytes JMP 008A04B2
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] ntdll.dll!LdrGetProcedureAddress + 26 77942239 7 Bytes JMP 577D0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] kernel32.dll!K32GetPerformanceInfo + 1CC 763E632B 7 Bytes JMP 008A012A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] kernel32.dll!TerminateProcess + B 763F2C10 7 Bytes JMP 008A02EE
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 763F941E 7 Bytes JMP 57A07B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] kernel32.dll!QueryPerformanceCounter + 13 763FC435 7 Bytes JMP 008A020C
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] kernel32.dll!FreeLibrary + 8 763FEF6F 7 Bytes JMP 008A03D0
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] kernel32.dll!LoadAppInitDlls + 355 763FF4F6 7 Bytes JMP 577D3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] kernel32.dll!CheckElevation + 2DB 7641959A 7 Bytes JMP 008A0048
.text C:\Program Files\Mozilla Firefox\firefox.exe[6120] GDI32.dll!GetViewportOrgEx + 26C 75F3884B 7 Bytes JMP 57A07AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743624CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7434562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743456EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74362546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743585AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74354D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74355105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743551DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74356707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74358301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74358850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743590B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7435E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1216] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74354C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\DREAM\Desktop\System\osam_autorun_manager_5_0_portable\osam.exe[3640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Users\DREAM\Desktop\System\osam_autorun_manager_5_0_portable\osam.exe[3640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Users\DREAM\Desktop\System\osam_autorun_manager_5_0_portable\osam.exe[3640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Users\DREAM\Desktop\System\osam_autorun_manager_5_0_portable\osam.exe[3640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Users\DREAM\Desktop\System\osam_autorun_manager_5_0_portable\osam.exe[3640] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Users\DREAM\Desktop\System\osam_autorun_manager_5_0_portable\osam.exe[3640] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Users\DREAM\Desktop\System\osam_autorun_manager_5_0_portable\osam.exe[3640] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7597FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00D18.log 1048576 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00D19.log 0 bytes

19.10.2012, 10:43   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post the aswMBR log.
__________________
Always post log files in CODE tags, please

21.10.2012, 11:01   #35
chrissie65
Banned

It is still scanning...


23.10.2012, 06:26   #36
chrissie65
Banned

Unbelievable but true: it has finished!
Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 11:43:45
-----------------------------
11:43:45.840 OS Version: Windows 6.1.7601 Service Pack 1
11:43:45.841 Number of processors: 4 586 0x2505
11:43:45.843 ComputerName: DREAM-PC UserName: DREAM
11:44:03.903 Initialize success
11:45:03.718 AVAST engine defs: 12102001
11:47:01.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:47:01.749 Disk 0 Vendor: ST310005 CC44 Size: 953869MB BusType: 3
11:47:02.715 Disk 0 MBR read successfully
11:47:02.716 Disk 0 MBR scan
11:47:02.825 Disk 0 unknown MBR code
11:47:03.045 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:47:03.422 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 922022 MB offset 206848
11:47:03.733 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 1888507904
11:47:04.034 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
11:47:05.154 Disk 0 scanning sectors +1953521664
11:47:08.248 Disk 0 scanning C:\Windows\system32\drivers
11:55:21.025 Service scanning
11:55:47.715 Modules scanning
12:06:56.029 Disk 0 trace - called modules:
12:06:56.369 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
12:06:56.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e198c0]
12:06:56.378 3 CLASSPNP.SYS[8bae159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862d8028]
12:06:59.536 AVAST engine scan C:\Windows
12:43:00.346 AVAST engine scan C:\Windows\system32
15:13:08.753 AVAST engine scan C:\Windows\system32\drivers
15:51:11.381 AVAST engine scan C:\Users\DREAM
00:58:04.969 AVAST engine scan C:\ProgramData
02:49:11.721 Scan finished successfully
07:23:21.893 Disk 0 MBR has been saved successfully to "C:\Users\DREAM\Desktop\MBR.dat"
07:23:21.948 The log file has been saved successfully to "C:\Users\DREAM\Desktop\aswMBR.txt"

So? Is my computer clean?

23.10.2012, 19:39   #37
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you also have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After the backup, start aswmbr again and click the FIXMBR button.

Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

24.10.2012, 07:57   #38
chrissie65
Banned

So here is the new log again, but I think there is nothing new in it, is there?
Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 11:43:45
-----------------------------
11:43:45.840 OS Version: Windows 6.1.7601 Service Pack 1
11:43:45.841 Number of processors: 4 586 0x2505
11:43:45.843 ComputerName: DREAM-PC UserName: DREAM
11:44:03.903 Initialize success
11:45:03.718 AVAST engine defs: 12102001
11:47:01.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:47:01.749 Disk 0 Vendor: ST310005 CC44 Size: 953869MB BusType: 3
11:47:02.715 Disk 0 MBR read successfully
11:47:02.716 Disk 0 MBR scan
11:47:02.825 Disk 0 unknown MBR code
11:47:03.045 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:47:03.422 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 922022 MB offset 206848
11:47:03.733 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 1888507904
11:47:04.034 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
11:47:05.154 Disk 0 scanning sectors +1953521664
11:47:08.248 Disk 0 scanning C:\Windows\system32\drivers
11:55:21.025 Service scanning
11:55:47.715 Modules scanning
12:06:56.029 Disk 0 trace - called modules:
12:06:56.369 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
12:06:56.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e198c0]
12:06:56.378 3 CLASSPNP.SYS[8bae159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862d8028]
12:06:59.536 AVAST engine scan C:\Windows
12:43:00.346 AVAST engine scan C:\Windows\system32
15:13:08.753 AVAST engine scan C:\Windows\system32\drivers
15:51:11.381 AVAST engine scan C:\Users\DREAM
00:58:04.969 AVAST engine scan C:\ProgramData
02:49:11.721 Scan finished successfully
07:23:21.893 Disk 0 MBR has been saved successfully to "C:\Users\DREAM\Desktop\MBR.dat"
07:23:21.948 The log file has been saved successfully to "C:\Users\DREAM\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 08:51:56
-----------------------------
08:51:56.149 OS Version: Windows 6.1.7601 Service Pack 1
08:51:56.149 Number of processors: 4 586 0x2505
08:51:56.149 ComputerName: DREAM-PC UserName: DREAM
08:52:20.641 Initialize success
08:52:28.847 AVAST engine defs: 12102302
08:52:48.309 The log file has been saved successfully to "C:\Users\DREAM\Desktop\aswMBR.txt"


24.10.2012, 15:41   #39
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The log is either incomplete or you did not follow the instructions correctly.
Neither an MBR fix nor a new scan after the fix (if it is supposed to have taken place) can be seen in it.
__________________
Please always post log files in CODE tags

24.10.2012, 18:44   #40
chrissie65
Banned

I'm not sure either whether I understood that correctly!

So I restarted, then started aswMBR again and after that did the MBR fix. Then I scanned again, but because it was once more taking too long for me, I aborted at some point and created the log file. Was that not right? Unfortunately I need my computer for work, and because of the scanning I am already almost a week behind. The computer becomes incredibly slow because of it and I can hardly do anything! Unfortunately I can't afford that. I have to make a living from something, after all.

Is there any suspicion that there is still something on my hard disk? And what can you actually read from the log files???

Thanks in advance.

24.10.2012, 20:12   #41
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, that was a complete waste of time...
If you run the scans, then please see them through; by aborting to supposedly save time you have wasted time, because the logs are of no help.

Quote:
and because of the scanning I am already almost a week behind.
That has to be a joke; the scanning and the analysis alone can hardly be to blame for everything here dragging on so much.
If you don't have time for a cleanup, then leave it.
__________________
Please always post log files in CODE tags

27.10.2012, 06:16   #42
chrissie65
Banned

OK, new scan, new log

Quote:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 22:25:54
-----------------------------
22:25:54.992 OS Version: Windows 6.1.7601 Service Pack 1
22:25:54.992 Number of processors: 4 586 0x2505
22:25:54.994 ComputerName: DREAM-PC UserName: DREAM
22:26:02.169 Initialize success
22:27:22.835 AVAST engine defs: 12102601
22:29:22.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:29:22.487 Disk 0 Vendor: ST310005 CC44 Size: 953869MB BusType: 3
22:29:22.499 Disk 0 MBR read successfully
22:29:22.504 Disk 0 MBR scan
22:29:22.549 Disk 0 Windows 7 default MBR code
22:29:22.646 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:29:22.714 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 922022 MB offset 206848
22:29:22.767 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 1888507904
22:29:22.819 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
22:29:22.831 Disk 0 scanning sectors +1953521664
22:29:22.918 Disk 0 scanning C:\Windows\system32\drivers
22:29:45.713 Service scanning
22:30:19.428 Modules scanning
22:30:29.135 Disk 0 trace - called modules:
22:30:29.148 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:30:29.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x880177c8]
22:30:29.158 3 CLASSPNP.SYS[8bcfb59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x864d8028]
22:30:30.450 AVAST engine scan C:\Windows
22:30:33.833 AVAST engine scan C:\Windows\system32
22:33:52.658 AVAST engine scan C:\Windows\system32\drivers
22:34:16.183 AVAST engine scan C:\Users\DREAM
02:11:43.393 AVAST engine scan C:\ProgramData
02:46:12.428 Scan finished successfully
07:14:14.848 Disk 0 MBR has been saved successfully to "C:\Users\DREAM\Desktop\MBR.dat"
07:14:14.929 The log file has been saved successfully to "C:\Users\DREAM\Desktop\aswMBR.txt"

Is that OK?

27.10.2012, 19:21   #43
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
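
The three aswMBR runs posted above differ in the ways the helper points out: one reports unknown MBR code, one stops before any MBR scan line, and one reports Windows 7 default MBR code. The Python example below is added here and is not part of the thread or of aswMBR; it splits a log into runs, flags incomplete ones and reports verdict changes. The sample text is excerpted (lines omitted) from the logs in this thread, and the status labels `incomplete`, `unknown-mbr` and `known-mbr` are names chosen for this example.

```python
"""Triage aswMBR logs: split runs, flag aborted scans, compare MBR verdicts."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

RUN_HEADER = re.compile(r"^aswMBR version (\S+)")
RUN_DATE = re.compile(r"^Run date: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
EVENT = re.compile(r"^(\d{2}:\d{2}:\d{2})\.\d{3} (.*)$")
MBR_VERDICT = re.compile(r"^Disk (\d+) (.+) MBR code$")

# Excerpt of the three runs posted in this thread (most lines omitted).
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 11:43:45
-----------------------------
11:43:45.840 OS Version: Windows 6.1.7601 Service Pack 1
11:47:02.716 Disk 0 MBR scan
11:47:02.825 Disk 0 unknown MBR code
15:51:11.381 AVAST engine scan C:\Users\DREAM
00:58:04.969 AVAST engine scan C:\ProgramData
02:49:11.721 Scan finished successfully

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 08:51:56
-----------------------------
08:51:56.149 OS Version: Windows 6.1.7601 Service Pack 1
08:52:20.641 Initialize success
08:52:28.847 AVAST engine defs: 12102302

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 22:25:54
-----------------------------
22:29:22.504 Disk 0 MBR scan
22:29:22.549 Disk 0 Windows 7 default MBR code
22:34:16.183 AVAST engine scan C:\Users\DREAM
02:11:43.393 AVAST engine scan C:\ProgramData
02:46:12.428 Scan finished successfully
"""


@dataclass
class Run:
    version: str
    started: Optional[datetime] = None
    last_event: Optional[datetime] = None
    finished_at: Optional[datetime] = None
    mbr_verdicts: Dict[int, str] = field(default_factory=dict)

    @property
    def status(self) -> str:
        # A run is only usable if it reached an MBR verdict AND ran to the end.
        if not self.mbr_verdicts or self.finished_at is None:
            return "incomplete"
        if "unknown" in self.mbr_verdicts.values():
            return "unknown-mbr"
        return "known-mbr"

    @property
    def duration(self) -> Optional[timedelta]:
        if self.started and self.finished_at:
            return self.finished_at - self.started
        return None


def parse_runs(text: str) -> List[Run]:
    runs: List[Run] = []
    run: Optional[Run] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := RUN_HEADER.match(line)):
            run = Run(version=m.group(1))
            runs.append(run)
        elif run is None:
            continue
        elif (m := RUN_DATE.match(line)):
            run.started = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            run.last_event = run.started
        elif (m := EVENT.match(line)) and run.last_event is not None:
            # Event lines carry time of day only; a clock that jumps
            # backwards means the scan ran past midnight.
            tod = datetime.strptime(m.group(1), "%H:%M:%S").time()
            stamp = datetime.combine(run.last_event.date(), tod)
            if stamp < run.last_event:
                stamp += timedelta(days=1)
            run.last_event = stamp
            msg = m.group(2)
            if (v := MBR_VERDICT.match(msg)):
                run.mbr_verdicts[int(v.group(1))] = v.group(2)
            elif msg == "Scan finished successfully":
                run.finished_at = stamp
    return runs


def verdict_changes(runs: List[Run]) -> List[Tuple[int, str, str]]:
    """(disk, before, after) for verdicts that differ between consecutive complete runs."""
    complete = [r for r in runs if r.status != "incomplete"]
    changes = []
    for prev, cur in zip(complete, complete[1:]):
        for disk, after in cur.mbr_verdicts.items():
            before = prev.mbr_verdicts.get(disk)
            if before is not None and before != after:
                changes.append((disk, before, after))
    return changes


if __name__ == "__main__":
    for r in parse_runs(SAMPLE_LOG):
        print(r.started, r.status, r.mbr_verdicts, r.duration)
    print(verdict_changes(parse_runs(SAMPLE_LOG)))
```
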

29.10.2012, 07:21   #44
chrissie65
Banned

Well, I don't know whether that really looks good?

Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/29/2012 at 03:35 AM

Application Version : 5.6.1012

Core Rules Database Version : 9485
Trace Rules Database Version: 7297

Scan type : Complete Scan
Total Scan Time : 15:34:50

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 896
Memory threats detected : 0
Registry items scanned : 39895
Registry threats detected : 0
File items scanned : 1165815
File threats detected : 329

Trojan.Agent/Gen-MediaGet
D:\FESTPLATTE_F\KUNDEN\GROWI-KANU\TEMPLATEMONSTERJOOMLA29880.EXE
I:\KUNDEN\GROWI-KANU\TEMPLATEMONSTERJOOMLA29880.EXE

Trojan.Agent/Gen-FakeAlert
C:\JFIRMSITE-120312\JOOMLAS2GO.EXE
C:\USERS\DREAM\DOWNLOADS\JS2GOFIRMSITE-4.51.120312\JFIRMSITE-120312\JOOMLAS2GO.EXE

Adware.Tracking Cookie
.webmasterplan.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
ad4.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.counter.gd [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.counter.gd [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.counter.gd [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
www.counter.gd [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.blogads.de [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.blogads.de [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
www.counter.gd [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\DREAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T125X6PA.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Downloader
C:\USERS\DREAM\APPDATA\LOCAL\ZYLOM GAMES\RANCH RUSH 2 DELUXE\WRAPPER.EXE
C:\USERS\DREAM\APPDATA\LOCAL\MICROSOFT\WINDOWS\GAMEEXPLORER\{52616E63-6820-5275-7368-20322044656C}\PLAYTASKS\0\SPIEL RANCH RUSH 2 DELUXE.LNK
C:\USERS\DREAM\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ZYLOM GAMES\RANCH RUSH 2 DELUXE\RANCH RUSH 2 DELUXE.LNK
C:\USERS\DREAM\DESKTOP\SPIELE\RANCH RUSH 2 DELUXE.LNK

PotentiallyUnwanted.Softonic
C:\USERS\DREAM\DOWNLOADS\SOFTONICDOWNLOADER_FUER_FREE-AUDIO-EDITOR.EXE

29.10.2012, 13:05   #45
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
Trojan.Agent/Gen-MediaGet
D:\FESTPLATTE_F\KUNDEN\GROWI-KANU\TEMPLATEMONSTERJOOMLA29880.EXE
I:\KUNDEN\GROWI-KANU\TEMPLATEMONSTERJOOMLA29880.EXE

Trojan.Agent/Gen-FakeAlert
C:\JFIRMSITE-120312\JOOMLAS2GO.EXE
C:\USERS\DREAM\DOWNLOADS\JS2GOFIRMSITE-4.51.120312\JFIRMSITE-120312\JOOMLAS2GO.EXE
         
What on earth is all of this supposed to be? All Joomla?

Code:
ATTFilter
Trojan.Agent/Gen-Downloader
C:\USERS\DREAM\APPDATA\LOCAL\ZYLOM GAMES\RANCH RUSH 2 DELUXE\WRAPPER.EXE
C:\USERS\DREAM\APPDATA\LOCAL\MICROSOFT\WINDOWS\GAMEEXPLORER\{52616E63-6820-5275-7368-20322044656C}\PLAYTASKS\0\SPIEL RANCH RUSH 2 DELUXE.LNK
C:\USERS\DREAM\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ZYLOM GAMES\RANCH RUSH 2 DELUXE\RANCH RUSH 2 DELUXE.LNK
C:\USERS\DREAM\DESKTOP\SPIELE\RANCH RUSH 2 DELUXE.LNK
         
Do you really need this nonsense?


Code:
ATTFilter
PotentiallyUnwanted.Softonic
C:\USERS\DREAM\DOWNLOADS\SOFTONICDOWNLOADER_FUER_FREE-AUDIO-EDITOR.EXE
         
Junk-laden software from Softonic seems to be very much in fashion right now!

Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Download software directly from the vendor or from FilePony.de
__________________
Please always post log files in CODE tags
