| |
| |||||||
Log-Analyse und Auswertung: Verdacht auf virusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.03.2010, 15:38
| #16 |
 |  Verdacht auf virus Also combofix kenn ich hab schon bei XP gemacht. Dann soll wieder alles ok sein? |
|
08.03.2010, 19:23
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Verdacht auf virus Wie das hast Du schon gemacht? Warum postest Du davon das Log nicht, wenn das schon gemacht wurde?
__________________Und ob danach alles ok ist, kann ich jetzt doch noch nicht wissen 
__________________ |
|
08.03.2010, 19:33
| #18 |
| | Verdacht auf virus Nein vor einem jahr hab ich gemacht mein IE ist abgestürzt.
__________________ |
|
09.03.2010, 13:00
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf virus Machst Du das mit CF jetzt noch oder nicht?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.03.2010, 12:47
| #20 |
| | Verdacht auf virus Im mom läuft alles ok da will ich noch lassen oder soll ich trotzdem machen?? |
|
10.03.2010, 13:15
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf virus Ja! ausführen!
__________________ --> Verdacht auf virus |
|
10.03.2010, 17:26
| #22 |
| | Verdacht auf virus ComboFix 10-03-09.08 - Birgit-Achim 10.03.2010 17:07:28.9.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1023.278 [GMT 1:00] ausgeführt von:: c:\users\Birgit-Achim\Desktop\ComboFix.exe SP: AVG Anti-Spyware *enabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604} SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\LOG.TXT c:\windows\system32\SHELLLNK.TLB . ((((((((((((((((((((((( Dateien erstellt von 2010-02-10 bis 2010-03-10 )))))))))))))))))))))))))))))) . 2010-03-10 16:16 . 2010-03-10 16:16 -------- d-----w- c:\users\Birgit-Achim\AppData\Local\temp 2010-03-10 16:16 . 2010-03-10 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-10 15:56 . 2010-03-10 15:56 604488 ----a-w- c:\windows\system32\TUProgSt.exe 2010-03-10 15:56 . 2009-11-16 11:25 17224 ----a-w- c:\windows\system32\authuitu.dll 2010-03-10 15:56 . 2009-11-16 11:25 29000 ----a-w- c:\windows\system32\uxtuneup.dll 2010-03-10 15:56 . 2010-03-10 15:56 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2010-03-10 07:58 . 2010-03-10 07:58 5896 ----a-w- c:\programdata\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.08.bat 2010-03-10 07:58 . 2010-03-10 07:58 20776 ----a-w- c:\programdata\AAV\SSE\15\UpdateFiles\ApplyMsp.exe 2010-03-03 15:43 . 2010-03-03 15:43 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\Avira 2010-03-03 15:00 . 2010-03-03 15:03 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-03-03 15:00 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-03-03 15:00 . 2010-03-03 15:00 -------- d-----w- c:\programdata\Avira 2010-03-03 15:00 . 2010-03-03 15:00 -------- d-----w- c:\program files\Avira 2010-02-28 18:22 . 2010-03-01 17:14 -------- d-----w- C:\rsit 2010-02-24 22:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-24 22:00 . 2010-02-24 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-24 22:00 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-21 18:44 . 2010-02-21 18:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-18 12:06 . 2010-02-18 12:06 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-02-17 18:03 . 2010-02-17 18:03 -------- d-----w- c:\programdata\RTL Winter Sports 2009 2010-02-17 18:03 . 2010-02-17 18:03 3112408 ----a-w- c:\users\Birgit-Achim\AppData\Roaming\ProtectDisc\pe17af2e81.dll 2010-02-17 18:02 . 2010-02-17 18:02 -------- d-----w- c:\program files\RTL Winter Sports 2009 (Demo) 2010-02-14 09:09 . 2010-03-07 09:50 -------- d-----w- c:\program files\Opera 10.50 Beta 2010-02-13 22:22 . 2010-02-13 22:22 -------- d-----w- c:\program files\ProtectDisc Driver Installer 2010-02-13 22:21 . 2010-02-17 18:03 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\ProtectDisc 2010-02-13 22:21 . 2010-02-13 22:21 3098072 ----a-w- c:\users\Birgit-Achim\AppData\Roaming\ProtectDisc\pe17abee71.dll 2010-02-13 22:15 . 2010-02-13 22:16 -------- d-----w- c:\program files\Biathlon 2009 (Demo) . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-10 15:56 . 2010-01-30 13:36 -------- d-----w- c:\program files\TuneUp Utilities 2009 2010-03-10 15:54 . 2009-11-10 17:01 117288 ----a-w- c:\programdata\nvModes.dat 2010-03-10 07:58 . 2010-02-03 18:46 18728 ----a-w- c:\programdata\AAV\SSE\15\UpdateFiles\RepairVLH2010.exe 2010-03-07 10:22 . 2008-11-18 18:58 101296 ----a-w- c:\users\Birgit-Achim\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-28 18:22 . 2008-04-06 09:55 -------- d-----w- c:\program files\Trend Micro 2010-02-24 08:16 . 2009-10-03 12:59 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-21 19:21 . 2008-02-22 19:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-02-21 08:54 . 2009-09-08 14:02 -------- d-----w- c:\program files\Opera 2010-02-17 10:24 . 2007-11-14 19:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-02-14 20:43 . 2006-11-02 15:33 618204 ----a-w- c:\windows\system32\perfh007.dat 2010-02-14 20:43 . 2006-11-02 15:33 122442 ----a-w- c:\windows\system32\perfc007.dat 2010-02-12 15:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-05 21:08 . 2010-02-05 21:08 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\Avant Profiles 2010-02-05 21:08 . 2010-02-05 21:08 -------- d-----w- c:\program files\Avant Browser 2010-02-05 17:57 . 2010-02-05 17:57 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2010-02-05 17:57 . 2010-02-05 17:57 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2010-02-05 16:10 . 2007-10-05 13:19 -------- d-----w- c:\program files\NetCologne 2010-02-03 18:46 . 2010-02-03 18:46 5396 ----a-w- c:\programdata\AAV\SSE\15\UpdateFiles\SSEStandard_Patch_15.06.bat 2010-02-03 18:46 . 2010-02-03 18:46 53248 ----a-r- c:\users\Birgit-Achim\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe 2010-02-03 18:41 . 2009-01-24 17:01 -------- d-----w- c:\program files\Akademische Arbeitsgemeinschaft 2010-02-03 17:03 . 2010-01-13 18:28 -------- d-----w- c:\program files\Safari 2010-02-03 17:03 . 2007-08-20 13:32 -------- d-----w- c:\programdata\Apple Computer 2010-02-03 17:01 . 2010-02-03 17:01 -------- d-----w- c:\program files\Common Files\Apple 2010-02-03 17:01 . 2010-02-03 17:01 -------- d-----w- c:\program files\Apple Software Update 2010-02-02 19:25 . 2010-02-02 15:49 -------- d-----w- c:\program files\QuickTime 2010-02-02 18:53 . 2010-01-13 18:29 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\Apple Computer 2010-02-02 15:49 . 2010-02-02 15:49 -------- d-----w- c:\program files\Bonjour 2010-01-30 22:41 . 2010-01-30 22:25 -------- d-----w- c:\program files\Unlocker 2010-01-30 14:07 . 2010-01-30 14:07 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\AntiBrowserSpy 2009 2010-01-30 13:04 . 2007-08-20 14:29 -------- d-----w- c:\program files\Common Files\Buhl Data Service 2010-01-30 12:59 . 2007-08-20 14:11 -------- d-----w- c:\programdata\Ulead Systems 2010-01-30 12:54 . 2007-08-20 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-25 12:00 . 2010-02-24 09:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 09:54 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 09:54 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 09:54 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 09:54 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 09:54 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 09:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 09:54 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-24 09:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 20:28 . 2007-12-15 22:37 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\phonostar-Player 2010-01-23 17:16 . 2010-01-23 17:16 -------- d-----w- c:\programdata\F-Secure 2010-01-23 11:05 . 2009-05-19 14:24 6568 ----a-w- c:\users\Birgit-Achim\AppData\Local\d3d9caps.dat 2010-01-23 09:26 . 2010-02-24 09:54 2048 ----a-w- c:\windows\system32\tzres.dll 2010-01-22 08:20 . 2008-03-06 14:45 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-21 18:33 . 2007-10-19 22:00 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\CyberLink 2010-01-21 18:33 . 2009-05-16 20:56 -------- d-----w- c:\users\Birgit-Achim\AppData\Roaming\PowerCinema 2010-01-21 18:31 . 2007-08-21 07:26 -------- d-----w- c:\program files\CyberLink 2010-01-21 18:30 . 2007-08-21 07:29 -------- d-----w- c:\programdata\CyberLink 2010-01-21 18:27 . 2009-05-16 20:54 36864 ----a-w- c:\programdata\TEMP\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe 2010-01-21 18:26 . 2009-05-16 20:53 53319 ----a-w- c:\programdata\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe 2010-01-13 18:27 . 2010-01-13 18:27 -------- d-----w- c:\programdata\Apple 2010-01-13 18:21 . 2007-08-21 12:33 -------- d-----w- c:\program files\Google 2010-01-06 15:39 . 2010-02-24 09:54 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-01-06 15:38 . 2010-02-24 09:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-01-06 15:38 . 2010-02-24 09:54 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-01-06 15:38 . 2010-02-24 09:54 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-01-06 15:38 . 2010-02-24 09:54 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-01-06 15:38 . 2010-02-24 09:54 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2010-01-06 13:30 . 2010-02-24 09:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-01-02 06:38 . 2010-01-22 08:29 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-22 08:29 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-22 08:29 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-22 08:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-25 11:02 . 2009-12-25 11:02 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe 2009-12-25 11:02 . 2009-12-25 11:02 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe 2009-12-25 11:02 . 2009-12-25 11:02 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe 2009-12-25 11:00 . 2009-12-25 11:02 24437624 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_de.exe 2009-12-24 22:06 . 2009-11-06 14:24 324472 ----a-w- c:\programdata\RapidSolution\GUIcommon.dll 2009-12-11 11:43 . 2010-02-10 13:12 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-11 11:43 . 2010-02-10 13:12 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-10 16:24 . 2009-12-10 16:24 476512 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\RadioRip.dll 2009-12-10 16:24 . 2009-12-10 16:24 169312 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgSoundclick.dll 2009-12-10 16:24 . 2009-12-10 16:24 128352 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgMyspace.dll 2009-12-10 16:24 . 2009-12-10 16:24 111968 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgPandora.dll 2009-12-10 16:24 . 2009-12-10 16:24 111968 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgLastfm.dll 2009-12-10 16:24 . 2009-12-10 16:24 99680 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgIJigg.dll 2009-12-10 16:24 . 2009-12-10 16:24 87392 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgDefault.dll 2009-12-10 16:24 . 2009-12-10 16:24 230752 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgHypemachine.dll 2009-12-10 16:24 . 2009-12-10 16:24 140640 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgDeezer.dll 2009-12-10 16:24 . 2009-12-10 16:24 132448 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgImeem.dll 2009-12-10 16:24 . 2009-12-10 16:24 120160 ----a-w- c:\programdata\RapidSolution\AudialsOne_2009\RadioRip\PlgGeneral.dll 2007-04-17 08:30 . 2007-04-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Birgit-Achim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup path=c:\users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-18 22:33 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2007-08-21 12:33 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-08-09 17:26 4702208 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2007-08-03 11:22 1826816 ----a-w- c:\windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-24 23:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ehTray.exe"=c:\windows\ehome\ehTray.exe "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" "TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" "WinampAgent"="c:\program files\Winamp\winampa.exe" "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):ec,32,28,20,21,44,ca,01 R2 AutoInstallEJCD;Auto Install Eject CD Service;c:\users\BIRGIT~1\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe [x] R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600] R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632] R3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [x] R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [x] R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-11-28 372831] S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2008-11-28 184413] S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\L260x86.sys [2008-10-16 29184] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - pavboot [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}] 2009-03-04 15:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{A92DF834-6653-416F-A8D6-33FEEE3281B2}.job - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://goggle.de/ mStart Page = hxxp://www.netcologne.de mWindow Title = Internet Explorer bereitgestellt von NetCologne IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll Trusted Zone: microsoft.com Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com FF - ProfilePath - c:\users\Birgit-Achim\AppData\Roaming\Mozilla\Firefox\Profiles\t28npznd.default\ FF - prefs.js: browser.startup.homepage - Google FF - plugin: c:\program files\Opera 10.50 Beta\program\plugins\NPSWF32.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-03-10 17:16 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . Zeit der Fertigstellung: 2010-03-10 17:19:33 ComboFix-quarantined-files.txt 2010-03-10 16:19 ComboFix2.txt 2009-10-15 14:08 Vor Suchlauf: 18 Verzeichnis(se), 237.071.400.960 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 237.122.277.376 Bytes frei - - End Of File - - E4C821FC4B4BFD181D58E598096433C2 |
|
10.03.2010, 19:43
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf virus Bitte nochmal den Avenger anwenden: 1.) Lade Dir von hier Avenger: Swandog46's Public Anti-Malware Tools (Download, linksseitig) 2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:  3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld: Code:
ATTFilter files to delete:
c:\users\BIRGIT~1\AppData\Local\Temp\RarSFX0\AutoInstallEJCDSVC.exe
c:\windows\system32\drivers\PDNMp50.sys
c:\windows\system32\drivers\PDNSp50.sys
drivers to delete:
AutoInstallEJCDSVC
PDNMp50
PDNSp50
5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein. 6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso. 7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier. 8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.03.2010, 20:01
| #24 |
| | Verdacht auf virus L o g f i l e o f T h e A v e n g e r V e r s i o n 2 . 0 , ( c ) b y S w a n d o g 4 6 h t t p : / / s w a n d o g 4 6 . g e e k s t o g o . c o m P l a t f o r m : W i n d o w s V i s t a * * * * * * * * * * * * * * * * * * * S c r i p t f i l e o p e n e d s u c c e s s f u l l y . S c r i p t f i l e r e a d s u c c e s s f u l l y . B a c k u p s d i r e c t o r y o p e n e d s u c c e s s f u l l y a t C : \ A v e n g e r * * * * * * * * * * * * * * * * * * * B e g i n n i n g t o p r o c e s s s c r i p t f i l e : R o o t k i t s c a n a c t i v e . N o r o o t k i t s f o u n d ! E r r o r : c o u l d n o t o p e n f i l e " c : \ u s e r s \ B I R G I T ~ 1 \ A p p D a t a \ L o c a l \ T e m p \ R a r S F X 0 \ A u t o I n s t a l l E J C D S V C . e x e " D e l e t i o n o f f i l e " c : \ u s e r s \ B I R G I T ~ 1 \ A p p D a t a \ L o c a l \ T e m p \ R a r S F X 0 \ A u t o I n s t a l l E J C D S V C . e x e " f a i l e d ! S t a t u s : 0 x c 0 0 0 0 0 3 a ( S T A T U S _ O B J E C T _ P A T H _ N O T _ F O U N D ) - - > b a d p a t h / t h e p a r e n t d i r e c t o r y d o e s n o t e x i s t E r r o r : f i l e " c : \ w i n d o w s \ s y s t e m 3 2 \ d r i v e r s \ P D N M p 5 0 . s y s " n o t f o u n d ! D e l e t i o n o f f i l e " c : \ w i n d o w s \ s y s t e m 3 2 \ d r i v e r s \ P D N M p 5 0 . s y s " f a i l e d ! S t a t u s : 0 x c 0 0 0 0 0 3 4 ( S T A T U S _ O B J E C T _ N A M E _ N O T _ F O U N D ) - - > t h e o b j e c t d o e s n o t e x i s t E r r o r : f i l e " c : \ w i n d o w s \ s y s t e m 3 2 \ d r i v e r s \ P D N S p 5 0 . s y s " n o t f o u n d ! D e l e t i o n o f f i l e " c : \ w i n d o w s \ s y s t e m 3 2 \ d r i v e r s \ P D N S p 5 0 . s y s " f a i l e d ! S t a t u s : 0 x c 0 0 0 0 0 3 4 ( S T A T U S _ O B J E C T _ N A M E _ N O T _ F O U N D ) - - > t h e o b j e c t d o e s n o t e x i s t E r r o r : r e g i s t r y k e y " \ R e g i s t r y \ M a c h i n e \ S y s t e m \ C u r r e n t C o n t r o l S e t \ S e r v i c e s \ A u t o I n s t a l l E J C D S V C " n o t f o u n d ! D e l e t i o n o f d r i v e r " A u t o I n s t a l l E J C D S V C " f a i l e d ! S t a t u s : 0 x c 0 0 0 0 0 3 4 ( S T A T U S _ O B J E C T _ N A M E _ N O T _ F O U N D ) - - > t h e o b j e c t d o e s n o t e x i s t D r i v e r " P D N M p 5 0 " d e l e t e d s u c c e s s f u l l y . D r i v e r " P D N S p 5 0 " d e l e t e d s u c c e s s f u l l y . C o m p l e t e d s c r i p t p r o c e s s i n g . * * * * * * * * * * * * * * * * * * * F i n i s h e d ! T e r m i n a t e . |
|
10.03.2010, 20:03
| #25 |
| | Verdacht auf virus |
|
10.03.2010, 21:27
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf virus Mach bitte noch einen Kontrollscan, öffne Malwarebytes, aktualisiere das Programm, starte einen Vollscan und lass alle etwaigen Funde entfernen. Anschließend wieder das Logfile posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.03.2010, 19:03
| #27 |
| | Verdacht auf virus Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3852 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18882 11.03.2010 19:02:32 mbam-log-2010-03-11 (19-02-32).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 335070 Laufzeit: 1 hour(s), 21 minute(s), 10 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 4 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully. |
|
11.03.2010, 20:23
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verdacht auf virus Hm, da war immer noch was? Hartnäckige Dinger. Mach einen weiteren Durchgang mit SUPERAntiSpyware und poste das Log. Wie verhält sich der Rechner mittlerweile denn?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.03.2010, 20:35
| #29 |
| | Verdacht auf virus Gut mom eine prob. |
|
11.03.2010, 21:37
| #30 |
| | Verdacht auf virus SUPERAntiSpyware Scan Log SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! Generated 03/11/2010 at 09:28 PM Application Version : 4.34.1000 Core Rules Database Version : 4662 Trace Rules Database Version: 2474 Scan type : Complete Scan Total Scan Time : 00:45:38 Memory items scanned : 697 Memory threats detected : 0 Registry items scanned : 8875 Registry threats detected : 0 File items scanned : 40834 File threats detected : 317 Adware.Tracking Cookie C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.marcporn[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@yadro[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@zanox-affiliate[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@discount24[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.maturelikesex[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@teeniepornotube[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@eas.apm.emediate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@trafficholder[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@weborama[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.onpornstar[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@ad.zanox[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@xxxcounter[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@mediaplex[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@tracking.mindshare[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@ad2.doublepimp[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@questionmarket[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@adtech[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@content.yieldmanager[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.etracker[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.teeniepornotube[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@microsoftsto.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.googleadservices[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@freepornsubmits[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@apmebf[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.zanox-affiliate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.maxsteen[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@downloadxpornmovies[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@galleries.adult-empire[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@zanox[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@revsci[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.amateurxxxhub[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@advertising[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.idealsexy[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@rambler[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@adultadworld[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@xm.xtendmedia[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@galleries.teensexmania[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@serving-sys[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@video.adult-blog[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@teensexmania[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@adprotraffic[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@unitymedia[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@content.yieldmanager[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@onpornstar[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@abyssteens[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@doubleclick[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@tracking.quisma[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@ad.adnet[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@sexgigant[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@galleries.teensexmovs[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@adbrite[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@de.adserver.yahoo[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@traffictrack[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.xxxautomat[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.onpornstar[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@webmasterplan[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@ad.adc-serv[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@abysspornstars[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@brightpornstars[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@adfarm1.adition[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@marcporn[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@teensexmovs[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.pornfilmed[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@ero-advertising[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www7.addfreestats[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@atdmt[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@tube1sex[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.greatteengirl[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@ads1.adultadvertising[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.active-tracking[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@partypoker[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@video.adult-blog[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.fuckablegfs[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@smartadserver[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@porndad[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@nakedvirgin[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@tsprotraffic[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@www.fuckablegfs[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@toplist[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@toplist[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@teenxxxmovie[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@tradedoubler[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@adcloudmedia[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@atdmt[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@doubleclick[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\birgit-achim@weborama[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@edge.download.newmedia.nacamar[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.ebook30[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wjlocldpwaq.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@revsci[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserver.sevenload[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.yieldmanager[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@lfstmedia[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@hitbox[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@trackmatics[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@4stats[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.ad-srv[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.zanox[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@eas4.emediate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@thomascookag.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tracking.quisma[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@generaltracking[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.etracker[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@nacamar.adbureau[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@webmasterplan[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@unlimited-warez-factory[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@clickbank[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@himedia.individuad[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@divx.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@casalemedia[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@statistik.ahomedia[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wjkywgajsgo.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@bwincom.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adx.chip[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@partypoker[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.hospitalscout[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@stats.m24[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads2.itratos[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.clubportal[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@dealstreet.discount24[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@im.banner.t-online[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@cracks.me[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.usenext[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad-hoc-news[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@secure.partyaccount[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@content.yieldmanager[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@eas.apm.emediate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@discount24[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@xiti[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@findinternettv[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.bachblueten-discount[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@content.yieldmanager[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@zbox.zanox[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@media6degrees[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adfarm1.adition[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.adshopping[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@media.ohost[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@unitymedia[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.findinternettv[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[5].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.adition[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.cpxcenter[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[6].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@crack[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.digital-digest[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@a2.adserver01[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[7].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@banner.rpr1[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adsrv.admediate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.allvoices[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@fl01.ct2.comclick[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[8].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[4].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tribalfusion[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@atdmt[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.radio[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.googleadservices[11].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.zanox-affiliate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@cmpmedica.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.crackserialcodes[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.mediacix[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@server.iad.liveperson[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@server.iad.liveperson[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ww251.smartadserver[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@collective-media[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserver.zylom[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserver.adreactor[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@zanox-affiliate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@postclicktracking[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@cdn5.specificclick[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@de.at.atwola[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@track.webtrekk[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.discount24[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@count.xhit[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@myroitracking[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad1.chefkoch[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@apodiscounter[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@keygenguru[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.partypoker[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.gforgaming[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@warezlobby[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wbkogndzicp.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@guj.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.dkb[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@track.webtrekk[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@serving-sys[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.edelight[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@a7.adserver01[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.burstnet[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.styloweb-counter[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@bs.serving-sys[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@track.webtrekk[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@loyaltypartner.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.heias[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@track.adform[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@euros4click[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.active-tracking[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@data.coremetrics[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.4shared[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@kaspersky.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad-mngt[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adtech[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.magicminds[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.sportwerk[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@apmebf[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@xm.xtendmedia[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@sonymediasoftware.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.trafficrank[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@track.effiliation[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@track.effiliation[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@autoscout24.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@traffictrack[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wjlioldpmbo.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@videoegg.adbureau[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.werder[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adviva[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserving.favorit-network[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@statse.webtrendslive[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.us.e-planning[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@acronis.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tradedoubler[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserver.nordprovider[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@unitymedia.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wjkooncjocq.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserver1.mokono[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adservern[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@stats.searchtrack[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@axelspringer.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.porta.eol[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wmlygjdzebo.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.adnet[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@de.adserver.yahoo[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserver.yopi[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@clicks.pangora[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.quartermedia[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.adnet[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@advertising[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@imrworldwide[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@questionmarket[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tracking.onmarketing[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@s3.trafficmaxx[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@specificclick[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@warnerbros.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adserver.adtechus[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@philips.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ehg-ctseventimag.hitbox[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tele2de.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.traffictrack[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ehg-twi.hitbox[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@server.cpmstar[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.beepworld[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@overture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@staubbeutel-discount[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad1.emediate[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.regioactive[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@doubleclick[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@creatives.commindo-media[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.ambiweb[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tracking.3gnet[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@clicksor[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@oxygen-warez[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@kontera[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tracking.crealytics[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@s4.trafficmaxx[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@media.photobucket[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@keygens[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@stat.aldi[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@banner.slashcam[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@bluestreak[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@mediaplex[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adv.adtotal[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@toplist[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tracking.dc-storm[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@safewarez[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@partyaccount[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@gostats[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.netdebit-counter[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@statcounter[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@statcounter[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@banner.testberichte[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@wlw.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wjkyqgajgep.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.downloadserialcrack[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.adserver01[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www.oxygen-warez[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@tracking.mindshare[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@advertiser.contextmatters[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@yadro[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.adc-serv[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@rotator.adjuggler[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@www9.discount24[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@e-2dj6wamiskc5kep.stats.esomniture[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@komtrack[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ad.gesundheit[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@vipwarez[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@kqv.112.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@burstnet[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@komtrack[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@media.funpic[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@zanox[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.slashcam[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@komtrack[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@blau.122.2o7[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@smartadserver[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@chitika[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@fastclick[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@nextag[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@nextag[3].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads1.heimtierheim[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.evendi[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@adbrite[1].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@shop.zanox[2].txt C:\Users\Birgit-Achim\AppData\Roaming\Microsoft\Windows\Cookies\Low\birgit-achim@ads.web2.live-sport[1].txt |
|
| Themen zu Verdacht auf virus |
| antivir, combofix, laufe, laufen, online, pferd, rechner, rogue.ascentive, spiele, spielen, spybot, tagen, troja, trojanisches, trojanisches pferd, verdacht, verdacht auf virus, versuche, virus |
Linear-Darstellung
