Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   mehrere Trojaner gefunden: Spy.Agent.OGS, Spy.Banker.Gen2, Graftor.9201.6, Agent.237568.6 (https://www.trojaner-board.de/106547-mehrere-trojaner-gefunden-spy-agent-ogs-spy-banker-gen2-graftor-9201-6-agent-237568-6-a.html)

habata 19.12.2011 15:20
mehrere Trojaner gefunden: Spy.Agent.OGS, Spy.Banker.Gen2, Graftor.9201.6, Agent.237568.6
 
Hallo,

ich habe seit einigen Tagen Probleme mit Malware bzw. Trojanern auf meinem Laptop. Ich habe mir den Rechner erst vor gut 3 Wochen zugelegt und habe so gut wie keine Progamme und keine wichtigen Daten drauf. Ein neu aufsetzen des Systems ist also unproblematisch wenn es die schnellste Lösung darstellt.

Ich nutze Avira Free Antivirus in der Version 12.0.0.870 sowie die Firewall von Windows (Windows 7 Home Premium 64 Bit, Service Pack 1).

In Abständen meldet der Echtzeit-Scanner von Avira, dass Malware gefunden wurde. Die Ereignisse zu den Funden der letzten Tage sind im Anhang enthalten.

Den Log-file zum letzten System-Scan mit Avira von heute habe ich ebenfalls beigefügt.

Im Anschluss an den Avira-Scan habe ich die Autorun-Funktion deaktiviert und Schritte für alle Hilfesuchenden im Unterforum "Anleitungen, FAQs & Links" durchgeführt.

Beim defogger wurde ich im Anschluss nicht zu einem Neustart aufgefordert und habe diesen dann auch nicht manuell ausgeführt.

Ich wäre sehr dankbar über eine Hilfestellung wie ich am besten mit dem beschriebenen Problem umgehe.
Vielen Dank im Voraus.

MFG
habata

cosinus 19.12.2011 15:44
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


habata 19.12.2011 18:10
Vielen Dank Cosinus.
Ich habe alle Scans wie beschrieben durchgeführt und in den enstandenen log-files den Nutzernamen in den Pfadangaben in *** geändert.

cosinus 19.12.2011 19:35
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [Userinit] C:\Users\***\AppData\Roaming\appconf32.exe ()
O32 - HKLM CDRom: AutoRun - 1
[2011/12/07 22:26:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5053
[2011/12/09 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5054
[2011/12/11 11:52:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5055
[2011/12/12 12:01:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5056
[2011/12/13 15:17:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5058
[2011/12/14 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5059
[2011/12/16 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5060
[2011/12/07 22:26:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011/12/19 12:16:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011/12/19 12:17:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
:Files
C:\Users\***\AppData\Roaming\50*
C:\Users\***\AppData\Roaming\xmldm
C:\Users\***\AppData\Roaming\UAs
C:\Users\***\AppData\Roaming\kock
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

habata 19.12.2011 20:00
Vielen Dank! Hat soweit fehlerfrei geklappt. Anbei das logfile als txt-Datei.
Der Nutzername wurde wieder ausgesternt.

cosinus 19.12.2011 20:19
Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

habata 19.12.2011 20:25
Kein Problem.

Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit not found.
File C:\Users\***\AppData\Roaming\appconf32.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\***\AppData\Roaming\5053\components folder moved successfully.
C:\Users\***\AppData\Roaming\5053 folder moved successfully.
C:\Users\***\AppData\Roaming\5054\components folder moved successfully.
C:\Users\***\AppData\Roaming\5054 folder moved successfully.
C:\Users\***\AppData\Roaming\5055\components folder moved successfully.
C:\Users\***\AppData\Roaming\5055 folder moved successfully.
C:\Users\***\AppData\Roaming\5056\components folder moved successfully.
C:\Users\***\AppData\Roaming\5056 folder moved successfully.
C:\Users\***\AppData\Roaming\5058\components folder moved successfully.
C:\Users\***\AppData\Roaming\5058 folder moved successfully.
C:\Users\***\AppData\Roaming\5059\components folder moved successfully.
C:\Users\***\AppData\Roaming\5059 folder moved successfully.
C:\Users\***\AppData\Roaming\5060\components folder moved successfully.
C:\Users\***\AppData\Roaming\5060 folder moved successfully.
C:\Users\***\AppData\Roaming\kock folder moved successfully.
C:\Users\***\AppData\Roaming\UAs folder moved successfully.
C:\Users\***\AppData\Roaming\xmldm folder moved successfully.
========== FILES ==========
C:\Users\***\AppData\Roaming\5061\components folder moved successfully.
C:\Users\***\AppData\Roaming\5061 folder moved successfully.
File\Folder C:\Users\***\AppData\Roaming\xmldm not found.
File\Folder C:\Users\***\AppData\Roaming\UAs not found.
File\Folder C:\Users\***\AppData\Roaming\kock not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 58227819 bytes
->Temporary Internet Files folder emptied: 303132336 bytes
->FireFox cache emptied: 1145846605 bytes
->Flash cache emptied: 11693 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70726350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,505.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12192011_194841

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 19.12.2011 20:34
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

habata 19.12.2011 21:02
Das geht ja mehr als zügig hier, vielen Dank dafür.
Der Zugriff auf Eigene Dateien ist kein Problem.

Hier das logfile von Kaspersky:
Code:
20:53:18.0069 4236        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:53:18.0163 4236        ============================================================
20:53:18.0163 4236        Current date / time: 2011/12/19 20:53:18.0163
20:53:18.0163 4236        SystemInfo:
20:53:18.0163 4236       
20:53:18.0163 4236        OS Version: 6.1.7601 ServicePack: 1.0
20:53:18.0163 4236        Product type: Workstation
20:53:18.0163 4236        ComputerName: ***-PC
20:53:18.0163 4236        UserName: ***
20:53:18.0163 4236        Windows directory: C:\Windows
20:53:18.0163 4236        System windows directory: C:\Windows
20:53:18.0163 4236        Running under WOW64
20:53:18.0163 4236        Processor architecture: Intel x64
20:53:18.0163 4236        Number of processors: 4
20:53:18.0163 4236        Page size: 0x1000
20:53:18.0163 4236        Boot type: Normal boot
20:53:18.0163 4236        ============================================================
20:53:18.0522 4236        Initialize success
20:53:59.0254 1076        ============================================================
20:53:59.0254 1076        Scan started
20:53:59.0254 1076        Mode: Manual; SigCheck; TDLFS;
20:53:59.0254 1076        ============================================================
20:53:59.0628 1076        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:53:59.0706 1076        1394ohci - ok
20:53:59.0862 1076        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:53:59.0878 1076        ACPI - ok
20:53:59.0971 1076        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:54:00.0065 1076        AcpiPmi - ok
20:54:00.0221 1076        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:54:00.0268 1076        adp94xx - ok
20:54:00.0299 1076        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:54:00.0314 1076        adpahci - ok
20:54:00.0377 1076        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:54:00.0408 1076        adpu320 - ok
20:54:00.0455 1076        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:54:00.0564 1076        AFD - ok
20:54:00.0595 1076        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:54:00.0611 1076        agp440 - ok
20:54:00.0673 1076        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:54:00.0689 1076        aliide - ok
20:54:00.0704 1076        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:54:00.0704 1076        amdide - ok
20:54:00.0736 1076        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:54:00.0798 1076        AmdK8 - ok
20:54:00.0814 1076        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:54:00.0845 1076        AmdPPM - ok
20:54:00.0892 1076        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
20:54:00.0907 1076        amdsata - ok
20:54:00.0938 1076        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:54:00.0954 1076        amdsbs - ok
20:54:00.0970 1076        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
20:54:00.0970 1076        amdxata - ok
20:54:01.0094 1076        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:54:01.0282 1076        AppID - ok
20:54:01.0406 1076        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:54:01.0438 1076        arc - ok
20:54:01.0453 1076        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:54:01.0453 1076        arcsas - ok
20:54:01.0484 1076        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:54:01.0656 1076        AsyncMac - ok
20:54:01.0765 1076        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:54:01.0781 1076        atapi - ok
20:54:01.0859 1076        athr            (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
20:54:01.0968 1076        athr - ok
20:54:02.0108 1076        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:54:02.0155 1076        avgntflt - ok
20:54:02.0186 1076        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
20:54:02.0202 1076        avipbb - ok
20:54:02.0218 1076        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:54:02.0218 1076        avkmgr - ok
20:54:02.0280 1076        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:54:02.0358 1076        b06bdrv - ok
20:54:02.0405 1076        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:54:02.0452 1076        b57nd60a - ok
20:54:02.0530 1076        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:54:02.0623 1076        Beep - ok
20:54:02.0654 1076        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:54:02.0701 1076        blbdrive - ok
20:54:02.0764 1076        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:54:02.0826 1076        bowser - ok
20:54:02.0888 1076        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:54:02.0966 1076        BrFiltLo - ok
20:54:02.0982 1076        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:54:03.0013 1076        BrFiltUp - ok
20:54:03.0044 1076        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:54:03.0138 1076        Brserid - ok
20:54:03.0154 1076        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:54:03.0200 1076        BrSerWdm - ok
20:54:03.0216 1076        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:54:03.0263 1076        BrUsbMdm - ok
20:54:03.0278 1076        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:54:03.0294 1076        BrUsbSer - ok
20:54:03.0341 1076        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:54:03.0434 1076        BthEnum - ok
20:54:03.0466 1076        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:54:03.0559 1076        BTHMODEM - ok
20:54:03.0590 1076        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:54:03.0668 1076        BthPan - ok
20:54:03.0731 1076        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:54:03.0793 1076        BTHPORT - ok
20:54:03.0824 1076        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:54:03.0887 1076        BTHUSB - ok
20:54:03.0918 1076        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:54:03.0980 1076        cdfs - ok
20:54:04.0043 1076        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:54:04.0136 1076        cdrom - ok
20:54:04.0183 1076        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:54:04.0261 1076        circlass - ok
20:54:04.0308 1076        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:54:04.0324 1076        CLFS - ok
20:54:04.0370 1076        clwvd          (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
20:54:04.0402 1076        clwvd - ok
20:54:04.0464 1076        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:54:04.0495 1076        CmBatt - ok
20:54:04.0542 1076        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:54:04.0558 1076        cmdide - ok
20:54:04.0636 1076        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:54:04.0682 1076        CNG - ok
20:54:04.0760 1076        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:54:04.0792 1076        Compbatt - ok
20:54:04.0854 1076        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:54:04.0916 1076        CompositeBus - ok
20:54:04.0948 1076        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:54:04.0979 1076        crcdisk - ok
20:54:05.0057 1076        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:54:05.0135 1076        DfsC - ok
20:54:05.0150 1076        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:54:05.0197 1076        discache - ok
20:54:05.0260 1076        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:54:05.0275 1076        Disk - ok
20:54:05.0322 1076        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:54:05.0338 1076        drmkaud - ok
20:54:05.0416 1076        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:54:05.0447 1076        DXGKrnl - ok
20:54:05.0572 1076        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:54:05.0618 1076        ebdrv - ok
20:54:05.0774 1076        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:54:05.0806 1076        elxstor - ok
20:54:05.0837 1076        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:54:05.0884 1076        ErrDev - ok
20:54:05.0930 1076        ETD            (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys
20:54:05.0946 1076        ETD - ok
20:54:06.0008 1076        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:54:06.0055 1076        exfat - ok
20:54:06.0086 1076        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:54:06.0118 1076        fastfat - ok
20:54:06.0227 1076        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:54:06.0274 1076        fdc - ok
20:54:06.0320 1076        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:54:06.0336 1076        FileInfo - ok
20:54:06.0352 1076        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:54:06.0414 1076        Filetrace - ok
20:54:06.0430 1076        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:54:06.0445 1076        flpydisk - ok
20:54:06.0476 1076        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:54:06.0508 1076        FltMgr - ok
20:54:06.0523 1076        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:54:06.0539 1076        FsDepends - ok
20:54:06.0554 1076        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:54:06.0554 1076        Fs_Rec - ok
20:54:06.0617 1076        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:54:06.0648 1076        fvevol - ok
20:54:06.0679 1076        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:54:06.0695 1076        gagp30kx - ok
20:54:06.0726 1076        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:54:06.0788 1076        hcw85cir - ok
20:54:06.0851 1076        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:54:06.0882 1076        HdAudAddService - ok
20:54:06.0944 1076        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:54:06.0991 1076        HDAudBus - ok
20:54:07.0007 1076        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:54:07.0054 1076        HidBatt - ok
20:54:07.0054 1076        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:54:07.0085 1076        HidBth - ok
20:54:07.0116 1076        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:54:07.0163 1076        HidIr - ok
20:54:07.0272 1076        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:54:07.0303 1076        HidUsb - ok
20:54:07.0366 1076        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:54:07.0381 1076        HpSAMD - ok
20:54:07.0459 1076        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:54:07.0522 1076        HTTP - ok
20:54:07.0553 1076        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:54:07.0553 1076        hwpolicy - ok
20:54:07.0584 1076        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:54:07.0600 1076        i8042prt - ok
20:54:07.0646 1076        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
20:54:07.0678 1076        iaStor - ok
20:54:07.0709 1076        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
20:54:07.0724 1076        iaStorV - ok
20:54:07.0896 1076        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:54:08.0083 1076        igfx - ok
20:54:08.0177 1076        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:54:08.0208 1076        iirsp - ok
20:54:08.0333 1076        IntcAzAudAddService (404561d4ee0cae109379a40247046b03) C:\Windows\system32\drivers\RTKVHD64.sys
20:54:08.0364 1076        IntcAzAudAddService - ok
20:54:08.0473 1076        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:54:08.0489 1076        intelide - ok
20:54:08.0536 1076        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:54:08.0567 1076        intelppm - ok
20:54:08.0629 1076        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:54:08.0692 1076        IpFilterDriver - ok
20:54:08.0754 1076        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:54:08.0801 1076        IPMIDRV - ok
20:54:08.0848 1076        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:54:08.0894 1076        IPNAT - ok
20:54:08.0910 1076        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:54:08.0941 1076        IRENUM - ok
20:54:08.0988 1076        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:54:09.0019 1076        isapnp - ok
20:54:09.0050 1076        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:54:09.0066 1076        iScsiPrt - ok
20:54:09.0113 1076        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:54:09.0128 1076        kbdclass - ok
20:54:09.0175 1076        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:54:09.0222 1076        kbdhid - ok
20:54:09.0284 1076        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:54:09.0300 1076        KSecDD - ok
20:54:09.0347 1076        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:54:09.0362 1076        KSecPkg - ok
20:54:09.0394 1076        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:54:09.0440 1076        ksthunk - ok
20:54:09.0487 1076        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:54:09.0550 1076        lltdio - ok
20:54:09.0612 1076        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:54:09.0612 1076        LSI_FC - ok
20:54:09.0643 1076        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:54:09.0659 1076        LSI_SAS - ok
20:54:09.0690 1076        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:54:09.0706 1076        LSI_SAS2 - ok
20:54:09.0721 1076        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:54:09.0737 1076        LSI_SCSI - ok
20:54:09.0768 1076        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:54:09.0799 1076        luafv - ok
20:54:09.0846 1076        MBAMProtector  (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
20:54:09.0862 1076        MBAMProtector - ok
20:54:09.0893 1076        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:54:09.0908 1076        megasas - ok
20:54:09.0924 1076        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:54:09.0940 1076        MegaSR - ok
20:54:09.0986 1076        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:54:10.0002 1076        MEIx64 - ok
20:54:10.0033 1076        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:54:10.0096 1076        Modem - ok
20:54:10.0142 1076        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:54:10.0189 1076        monitor - ok
20:54:10.0252 1076        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:54:10.0252 1076        mouclass - ok
20:54:10.0283 1076        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:54:10.0314 1076        mouhid - ok
20:54:10.0345 1076        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:54:10.0361 1076        mountmgr - ok
20:54:10.0392 1076        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:54:10.0408 1076        mpio - ok
20:54:10.0423 1076        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:54:10.0501 1076        mpsdrv - ok
20:54:10.0517 1076        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:54:10.0595 1076        MRxDAV - ok
20:54:10.0642 1076        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:54:10.0688 1076        mrxsmb - ok
20:54:10.0704 1076        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:54:10.0751 1076        mrxsmb10 - ok
20:54:10.0766 1076        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:54:10.0798 1076        mrxsmb20 - ok
20:54:10.0844 1076        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:54:10.0860 1076        msahci - ok
20:54:10.0891 1076        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:54:10.0922 1076        msdsm - ok
20:54:10.0969 1076        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:54:11.0016 1076        Msfs - ok
20:54:11.0032 1076        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:54:11.0063 1076        mshidkmdf - ok
20:54:11.0078 1076        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:54:11.0094 1076        msisadrv - ok
20:54:11.0125 1076        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:54:11.0156 1076        MSKSSRV - ok
20:54:11.0172 1076        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:54:11.0203 1076        MSPCLOCK - ok
20:54:11.0219 1076        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:54:11.0266 1076        MSPQM - ok
20:54:11.0297 1076        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:54:11.0328 1076        MsRPC - ok
20:54:11.0359 1076        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:54:11.0375 1076        mssmbios - ok
20:54:11.0390 1076        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:54:11.0437 1076        MSTEE - ok
20:54:11.0453 1076        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:54:11.0484 1076        MTConfig - ok
20:54:11.0500 1076        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:54:11.0531 1076        Mup - ok
20:54:11.0593 1076        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:54:11.0640 1076        NativeWifiP - ok
20:54:11.0702 1076        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
20:54:11.0734 1076        NDIS - ok
20:54:11.0874 1076        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:54:11.0936 1076        NdisCap - ok
20:54:11.0968 1076        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:54:12.0046 1076        NdisTapi - ok
20:54:12.0077 1076        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:54:12.0108 1076        Ndisuio - ok
20:54:12.0155 1076        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:54:12.0217 1076        NdisWan - ok
20:54:12.0264 1076        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:54:12.0342 1076        NDProxy - ok
20:54:12.0389 1076        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:54:12.0467 1076        NetBIOS - ok
20:54:12.0498 1076        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:54:12.0545 1076        NetBT - ok
20:54:12.0576 1076        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:54:12.0592 1076        nfrd960 - ok
20:54:12.0654 1076        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:54:12.0716 1076        Npfs - ok
20:54:12.0748 1076        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:54:12.0810 1076        nsiproxy - ok
20:54:12.0888 1076        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
20:54:12.0950 1076        Ntfs - ok
20:54:12.0966 1076        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:54:13.0060 1076        Null - ok
20:54:13.0138 1076        NVHDA          (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
20:54:13.0153 1076        NVHDA - ok
20:54:13.0418 1076        nvlddmkm        (7328528daf9b8a486e16595a35043db0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:54:13.0574 1076        nvlddmkm - ok
20:54:13.0668 1076        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
20:54:13.0699 1076        nvraid - ok
20:54:13.0730 1076        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
20:54:13.0746 1076        nvstor - ok
20:54:13.0824 1076        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:54:13.0840 1076        nv_agp - ok
20:54:13.0871 1076        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:54:13.0918 1076        ohci1394 - ok
20:54:13.0964 1076        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:54:13.0996 1076        Parport - ok
20:54:14.0027 1076        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:54:14.0042 1076        partmgr - ok
20:54:14.0089 1076        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:54:14.0120 1076        pci - ok
20:54:14.0136 1076        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:54:14.0152 1076        pciide - ok
20:54:14.0183 1076        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:54:14.0198 1076        pcmcia - ok
20:54:14.0214 1076        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:54:14.0230 1076        pcw - ok
20:54:14.0261 1076        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:54:14.0323 1076        PEAUTH - ok
20:54:14.0401 1076        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:54:14.0448 1076        PptpMiniport - ok
20:54:14.0495 1076        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:54:14.0526 1076        Processor - ok
20:54:14.0588 1076        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:54:14.0666 1076        Psched - ok
20:54:14.0713 1076        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:54:14.0744 1076        ql2300 - ok
20:54:14.0760 1076        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:54:14.0776 1076        ql40xx - ok
20:54:14.0791 1076        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:54:14.0822 1076        QWAVEdrv - ok
20:54:14.0854 1076        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:54:14.0885 1076        RasAcd - ok
20:54:14.0916 1076        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:54:14.0994 1076        RasAgileVpn - ok
20:54:15.0041 1076        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:54:15.0103 1076        Rasl2tp - ok
20:54:15.0134 1076        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:54:15.0228 1076        RasPppoe - ok
20:54:15.0290 1076        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:54:15.0368 1076        RasSstp - ok
20:54:15.0400 1076        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:54:15.0446 1076        rdbss - ok
20:54:15.0478 1076        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:54:15.0493 1076        rdpbus - ok
20:54:15.0524 1076        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:54:15.0556 1076        RDPCDD - ok
20:54:15.0571 1076        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:54:15.0602 1076        RDPENCDD - ok
20:54:15.0618 1076        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:54:15.0634 1076        RDPREFMP - ok
20:54:15.0680 1076        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:54:15.0743 1076        RDPWD - ok
20:54:15.0790 1076        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:54:15.0821 1076        rdyboost - ok
20:54:15.0883 1076        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:54:15.0914 1076        RFCOMM - ok
20:54:15.0961 1076        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:54:16.0008 1076        rspndr - ok
20:54:16.0070 1076        RTL8167        (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:54:16.0102 1076        RTL8167 - ok
20:54:16.0180 1076        rtport          (4ca0dba9e224473d664c25e411f5a3bd) C:\Windows\SysWOW64\drivers\rtport.sys
20:54:16.0195 1076        rtport - ok
20:54:16.0289 1076        SABI            (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
20:54:16.0320 1076        SABI - ok
20:54:16.0367 1076        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:54:16.0382 1076        sbp2port - ok
20:54:16.0429 1076        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:54:16.0507 1076        scfilter - ok
20:54:16.0554 1076        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:54:16.0601 1076        secdrv - ok
20:54:16.0663 1076        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:54:16.0694 1076        Serenum - ok
20:54:16.0726 1076        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:54:16.0788 1076        Serial - ok
20:54:16.0819 1076        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:54:16.0882 1076        sermouse - ok
20:54:16.0913 1076        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:54:16.0944 1076        sffdisk - ok
20:54:16.0975 1076        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:54:17.0006 1076        sffp_mmc - ok
20:54:17.0022 1076        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:54:17.0053 1076        sffp_sd - ok
20:54:17.0084 1076        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:54:17.0116 1076        sfloppy - ok
20:54:17.0162 1076        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:54:17.0194 1076        SiSRaid2 - ok
20:54:17.0209 1076        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:54:17.0225 1076        SiSRaid4 - ok
20:54:17.0240 1076        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:54:17.0303 1076        Smb - ok
20:54:17.0334 1076        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:54:17.0350 1076        spldr - ok
20:54:17.0381 1076        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:54:17.0443 1076        srv - ok
20:54:17.0474 1076        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:54:17.0521 1076        srv2 - ok
20:54:17.0568 1076        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:54:17.0599 1076        srvnet - ok
20:54:17.0662 1076        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:54:17.0677 1076        stexstor - ok
20:54:17.0740 1076        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:54:17.0786 1076        StillCam - ok
20:54:17.0833 1076        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:54:17.0849 1076        swenum - ok
20:54:17.0958 1076        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:54:17.0989 1076        Tcpip - ok
20:54:18.0145 1076        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:54:18.0176 1076        TCPIP6 - ok
20:54:18.0286 1076        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:54:18.0379 1076        tcpipreg - ok
20:54:18.0410 1076        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:54:18.0457 1076        TDPIPE - ok
20:54:18.0457 1076        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:54:18.0488 1076        TDTCP - ok
20:54:18.0520 1076        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:54:18.0582 1076        tdx - ok
20:54:18.0613 1076        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:54:18.0629 1076        TermDD - ok
20:54:18.0660 1076        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:54:18.0722 1076        tssecsrv - ok
20:54:18.0754 1076        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:54:18.0785 1076        TsUsbFlt - ok
20:54:18.0832 1076        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:54:18.0894 1076        tunnel - ok
20:54:18.0956 1076        TurboB          (48743b69ea47c020a792d8649f753f44) C:\Windows\system32\DRIVERS\TurboB.sys
20:54:18.0972 1076        TurboB - ok
20:54:19.0019 1076        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:54:19.0034 1076        uagp35 - ok
20:54:19.0066 1076        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:54:19.0128 1076        udfs - ok
20:54:19.0175 1076        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:54:19.0206 1076        uliagpkx - ok
20:54:19.0237 1076        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:54:19.0284 1076        umbus - ok
20:54:19.0300 1076        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:54:19.0331 1076        UmPass - ok
20:54:19.0378 1076        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
20:54:19.0409 1076        usbccgp - ok
20:54:19.0440 1076        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:54:19.0471 1076        usbcir - ok
20:54:19.0502 1076        usbehci        (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
20:54:19.0534 1076        usbehci - ok
20:54:19.0596 1076        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
20:54:19.0643 1076        usbhub - ok
20:54:19.0658 1076        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
20:54:19.0690 1076        usbohci - ok
20:54:19.0721 1076        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:54:19.0752 1076        usbprint - ok
20:54:19.0799 1076        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:54:19.0846 1076        USBSTOR - ok
20:54:19.0877 1076        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
20:54:19.0924 1076        usbuhci - ok
20:54:19.0970 1076        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:54:20.0033 1076        usbvideo - ok
20:54:20.0064 1076        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:54:20.0080 1076        vdrvroot - ok
20:54:20.0142 1076        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:54:20.0173 1076        vga - ok
20:54:20.0189 1076        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:54:20.0220 1076        VgaSave - ok
20:54:20.0267 1076        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:54:20.0282 1076        vhdmp - ok
20:54:20.0314 1076        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:54:20.0345 1076        viaide - ok
20:54:20.0392 1076        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:54:20.0407 1076        volmgr - ok
20:54:20.0454 1076        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:54:20.0470 1076        volmgrx - ok
20:54:20.0516 1076        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:54:20.0548 1076        volsnap - ok
20:54:20.0594 1076        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:54:20.0626 1076        vsmraid - ok
20:54:20.0641 1076        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:54:20.0672 1076        vwifibus - ok
20:54:20.0719 1076        vwififlt        (13a0decd1794de60a8427862c8669d27) C:\Windows\system32\DRIVERS\vwififlt.sys
20:54:20.0766 1076        vwififlt - ok
20:54:20.0797 1076        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:54:20.0828 1076        WacomPen - ok
20:54:20.0875 1076        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:54:20.0953 1076        WANARP - ok
20:54:20.0953 1076        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:54:20.0969 1076        Wanarpv6 - ok
20:54:21.0000 1076        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:54:21.0000 1076        Wd - ok
20:54:21.0031 1076        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:54:21.0047 1076        Wdf01000 - ok
20:54:21.0094 1076        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:54:21.0156 1076        WfpLwf - ok
20:54:21.0172 1076        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:54:21.0172 1076        WIMMount - ok
20:54:21.0250 1076        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:54:21.0281 1076        WmiAcpi - ok
20:54:21.0296 1076        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:54:21.0343 1076        ws2ifsl - ok
20:54:21.0374 1076        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:54:21.0421 1076        WudfPf - ok
20:54:21.0437 1076        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:54:21.0515 1076        WUDFRd - ok
20:54:21.0546 1076        MBR (0x1B8)    (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
20:54:21.0780 1076        \Device\Harddisk0\DR0 - ok
20:54:21.0796 1076        Boot (0x1200)  (a71f9d4598d239d26ca108ec7b2813b3) \Device\Harddisk0\DR0\Partition0
20:54:21.0796 1076        \Device\Harddisk0\DR0\Partition0 - ok
20:54:21.0827 1076        Boot (0x1200)  (91d1f98eb7ad2d47b9092638b4221da1) \Device\Harddisk0\DR0\Partition1
20:54:21.0827 1076        \Device\Harddisk0\DR0\Partition1 - ok
20:54:21.0858 1076        Boot (0x1200)  (9ca2888cbb029f66486ca030d1b40989) \Device\Harddisk0\DR0\Partition2
20:54:21.0858 1076        \Device\Harddisk0\DR0\Partition2 - ok
20:54:21.0858 1076        ============================================================
20:54:21.0858 1076        Scan finished
20:54:21.0858 1076        ============================================================
20:54:21.0889 4044        Detected object count: 0
20:54:21.0889 4044        Actual detected object count: 0

cosinus 19.12.2011 21:04
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

habata 19.12.2011 21:54
Hier das Ergebnis von ComboFix:


Code:
ComboFix 11-12-19.01 - *** 19.12.2011  21:36:33.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6124.4716 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\AcroIEHelpe.txt
c:\users\***\AppData\Roaming\srvblck2.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-19 bis 2011-12-19  ))))))))))))))))))))))))))))))
.
.
2011-12-19 20:40 . 2011-12-19 20:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-19 18:53 . 2011-12-19 18:53        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C955098-79BF-425A-A543-5D230B4ABB27}\offreg.dll
2011-12-19 18:48 . 2011-12-19 18:48        --------        d-----w-        C:\_OTL
2011-12-19 15:52 . 2011-12-19 15:52        --------        d-----w-        c:\program files (x86)\ESET
2011-12-19 14:50 . 2011-12-19 14:50        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-19 14:50 . 2011-12-19 14:50        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-19 14:50 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-16 17:06 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C955098-79BF-425A-A543-5D230B4ABB27}\mpengine.dll
2011-12-14 17:33 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-14 17:27 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-14 17:27 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 17:27 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-14 17:27 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 17:27 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-13 11:28 . 2011-12-13 11:28        --------        d-----w-        c:\programdata\NVIDIA
2011-12-13 11:27 . 2011-12-13 11:27        --------        d-----w-        c:\programdata\NVIDIA Corporation
2011-12-12 19:41 . 2011-12-12 19:41        --------        d-----w-        c:\program files\Tracker Software
2011-12-09 18:47 . 2011-12-09 18:47        --------        d-----w-        c:\windows\system32\SPReview
2011-12-09 18:46 . 2011-12-09 18:46        --------        d-----w-        c:\windows\system32\EventProviders
2011-12-06 20:07 . 2011-12-06 20:07        --------        d-----w-        c:\programdata\TVU Networks
2011-12-05 16:30 . 2011-12-08 20:02        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-05 16:30 . 2011-12-05 16:30        --------        d-----w-        c:\programdata\Avira
2011-12-05 16:30 . 2011-12-05 16:30        --------        d-----w-        c:\program files (x86)\Avira
2011-12-05 16:30 . 2011-10-19 15:56        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-12-05 16:30 . 2011-10-19 15:56        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-11-30 19:04 . 2010-11-20 13:27        754176        ----a-w-        c:\windows\system32\wbem\WmiPrvSD.dll
2011-11-30 19:03 . 2010-11-20 13:26        399872        ----a-w-        c:\windows\system32\dpx.dll
2011-11-30 19:03 . 2010-11-20 12:21        189952        ----a-w-        c:\windows\SysWow64\wdscore.dll
2011-11-30 19:03 . 2010-11-20 12:21        189952        ----a-w-        c:\windows\SysWow64\sqmapi.dll
2011-11-30 19:03 . 2010-11-20 12:21        363008        ----a-w-        c:\windows\SysWow64\wbemcomn.dll
2011-11-30 19:03 . 2010-11-20 12:21        189952        ----a-w-        c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2011-11-30 19:03 . 2010-11-20 12:19        606208        ----a-w-        c:\windows\SysWow64\wbem\fastprox.dll
2011-11-30 19:02 . 2010-11-20 13:27        529408        ----a-w-        c:\windows\system32\wbemcomn.dll
2011-11-30 19:02 . 2010-11-20 13:27        244736        ----a-w-        c:\program files\Windows Portable Devices\sqmapi.dll
2011-11-30 19:02 . 2010-11-20 13:27        244736        ----a-w-        c:\windows\system32\sqmapi.dll
2011-11-30 18:36 . 2011-04-28 03:55        552960        ----a-w-        c:\windows\system32\drivers\bthport.sys
2011-11-30 18:36 . 2011-04-28 03:54        80384        ----a-w-        c:\windows\system32\drivers\BTHUSB.SYS
2011-11-30 18:36 . 2010-11-20 13:24        229376        ----a-w-        c:\windows\system32\fsquirt.exe
2011-11-29 19:02 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2011-11-28 19:47 . 2010-12-17 11:40        715776        ----a-w-        c:\windows\system32\kerberos.dll
2011-11-28 19:47 . 2010-12-17 07:07        542208        ----a-w-        c:\windows\SysWow64\kerberos.dll
2011-11-28 19:45 . 2011-02-19 12:03        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-11-28 19:45 . 2011-02-19 09:00        367616        ----a-w-        c:\windows\system32\atmfd.dll
2011-11-28 19:45 . 2011-02-19 06:30        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-11-28 19:45 . 2011-02-19 04:34        294912        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-11-28 19:45 . 2010-09-30 10:41        100864        ----a-w-        c:\windows\system32\fontsub.dll
2011-11-28 19:45 . 2010-09-30 06:47        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2011-11-28 19:45 . 2011-03-03 06:24        183296        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-11-28 19:45 . 2011-03-03 06:21        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-11-28 19:45 . 2011-03-03 05:36        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-11-28 19:43 . 2011-06-23 04:33        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-11-28 19:43 . 2011-06-23 04:33        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-11-27 21:22 . 2011-12-19 11:33        --------        d-----w-        c:\users\***
2011-11-27 21:20 . 2011-11-27 21:20        --------        d-----w-        C:\Recovery
2011-11-27 19:40 . 2011-12-05 16:22        --------        d-----w-        c:\program files (x86)\Common Files\Symantec Shared
2011-11-27 19:03 . 2011-11-27 19:03        --------        d-----w-        c:\program files\7-Zip
2011-11-27 17:56 . 2011-11-27 17:56        --------        d-----r-        c:\program files (x86)\Skype
2011-11-27 14:41 . 2011-11-27 14:41        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-27 14:41 . 2011-11-27 14:41        --------        d-----w-        c:\windows\system32\Macromed
2011-11-27 14:39 . 2011-05-24 17:14        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-27 14:28 . 2011-11-27 17:56        --------        d-----w-        c:\programdata\Skype
2011-11-27 14:28 . 2011-11-27 14:28        --------        d-----w-        c:\program files (x86)\Deskperience
2011-11-27 14:27 . 2011-11-27 14:27        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2011-11-27 14:26 . 2011-11-27 14:26        --------        d-----w-        c:\program files\Elantech
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 18:56 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-12-09 18:56 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-11-27 21:22 . 2010-06-24 02:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 79339320
*Deregistered* - 79339320
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2u0a5l79.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-19  21:42:50
ComboFix-quarantined-files.txt  2011-12-19 20:42
.
Vor Suchlauf: 8 Verzeichnis(se), 194.290.761.728 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 194.176.606.208 Bytes frei
.
- - End Of File - - E1A210942B7A5EFAB8120234FCD36E93

cosinus 19.12.2011 22:09
Zitat:
2011-11-27 21:22 . 2011-12-19 11:33 -------- d-----w- c:\users\***
Bitte wirklich nur den NAMEN zensieren nicht was danach kommt weglöschen oder war danach nicht mehr da?

habata 19.12.2011 22:18
So wie es hier rein kopiert ist, ist es korrekt. Ich habe die Suchen/Ersetzen-Funktion zum Editieren des Benutznamens verwendet, also nichts händisch gelöscht.

Bin es eben anhand der Originaldatei nochmal Schritt für Schritt durchgegangen. Das Ergebnis ist das Gleiche wie oben bereits gepostet.


Ist das jetzt gut oder schlecht? ;)

cosinus 19.12.2011 23:07
Naja, ich hatte die Befürchtung da wäre mehr gelöscht. :eek:

:D

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

habata 19.12.2011 23:39
Hier der Inhalt der aswMBR:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-19 23:22:24
-----------------------------
23:22:24.412    OS Version: Windows x64 6.1.7601 Service Pack 1
23:22:24.412    Number of processors: 4 586 0x2A07
23:22:24.412    ComputerName: ***-PC  UserName: ***
23:22:24.864    Initialize success
23:23:56.489    AVAST engine defs: 11121901
23:28:35.043    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:28:35.043    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
23:28:35.059    Disk 0 MBR read successfully
23:28:35.074    Disk 0 MBR scan
23:28:35.074    Disk 0 unknown MBR code
23:28:35.090    Service scanning
23:28:36.166    Modules scanning
23:28:36.166    Disk 0 trace - called modules:
23:28:36.213    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:28:36.213    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007843060]
23:28:36.229    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800599a050]
23:28:36.603    AVAST engine scan C:\Windows
23:28:40.581    AVAST engine scan C:\Windows\system32
23:30:07.333    AVAST engine scan C:\Windows\system32\drivers
23:30:17.005    AVAST engine scan C:\Users\***
23:30:39.531    AVAST engine scan C:\ProgramData
23:31:19.655    Scan finished successfully
23:34:15.904    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
23:34:15.904    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Ich danke nochmals für die Mühe!

cosinus 20.12.2011 00:06
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

habata 20.12.2011 00:31
Hat alles Problemlos und ohne Datenverlust funktioniert.
Ein zweites Betriebssystem ist nicht installiert.

Hier das logfile im Anschluss an den Neustart und erneuten Scan:

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-20 00:17:07
-----------------------------
00:17:07.170    OS Version: Windows x64 6.1.7601 Service Pack 1
00:17:07.170    Number of processors: 4 586 0x2A07
00:17:07.170    ComputerName: ***-PC  UserName: ***
00:17:07.638    Initialize success
00:17:13.332    AVAST engine defs: 11121901
00:17:21.272    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:17:21.272    Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
00:17:21.303    Disk 0 MBR read successfully
00:17:21.303    Disk 0 MBR scan
00:17:21.319    Disk 0 Windows 7 default MBR code
00:17:21.319    Service scanning
00:17:23.737    Modules scanning
00:17:23.737    Disk 0 trace - called modules:
00:17:23.768    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:17:23.768    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007826060]
00:17:23.784    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80059b1050]
00:17:24.236    AVAST engine scan C:\Windows
00:17:29.369    AVAST engine scan C:\Windows\system32
00:19:34.590    AVAST engine scan C:\Windows\system32\drivers
00:19:46.228    AVAST engine scan C:\Users\***
00:20:12.217    AVAST engine scan C:\ProgramData
00:20:57.130    Scan finished successfully
00:21:10.125    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
00:21:10.125    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR2.txt"

cosinus 20.12.2011 00:43
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


habata 20.12.2011 14:06
Liste der Anhänge anzeigen (Anzahl: 1)
Die beiden Scans mir Malewarebytes und SuperAntiSpyware sind erledigt.

Für SuperAntiSpyware habe ich einen Screenshot mit angehängt, da ich mir nicht sicher bin wie weiter zu verfahren ist. Vorerst nichts löschen oder alle Objekte entfernen und später wiederherstellen? Bitte hierzu um Hilfe.

Der Scan mit dem ESET Online Scanner folgt dann im Anschluss.


Logfile Malewarebytes:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8401

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.12.2011 12:07:37
mbam-log-2011-12-20 (12-07-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 335240
Laufzeit: 30 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Logfile SuperAntiSpyware:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/20/2011 at 01:39 PM

Application Version : 5.0.1142

Core Rules Database Version : 8070
Trace Rules Database Version: 5882

Scan type      : Complete Scan
Total Scan Time : 01:18:19

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 546
Memory threats detected  : 0
Registry items scanned    : 69846
Registry threats detected : 0
File items scanned        : 166346
File threats detected    : 480

Adware.Tracking Cookie
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[1].txt [ /apmebf ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt [ /doubleclick ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@insightexpressai[1].txt [ /insightexpressai ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[1].txt [ /mediaplex ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ZT7XAOGI.txt [ /c.atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\LKUAW01K.txt [ /atdmt.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WWSXHKUZ.txt [ /serving-sys.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SOI22GI2.txt [ /adbrite.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\3RLUVK4R.txt [ /ads.adk2.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\D1LMR743.txt [ /specificclick.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\M8DAX6WN.txt [ /ad.adition.net ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WSEQUZOE.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ZNLXCIEK.txt [ /bs.serving-sys.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\0NL7B4F3.txt [ /invitemedia.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\OIOG7RDP.txt [ /ads.creative-serving.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J9EAPG8T.txt [ /adserver.adtechus.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\N6FRCJFR.txt [ /ad.yieldmanager.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WC2DY8LJ.txt [ /adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\3RWGEJ09.txt [ /ad3.adfarm1.adition.com ]
        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BVPN2DCE.txt [ /imrworldwide.com ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@c.atdmt[2].txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@doubleclick[1].txt [ Cookie:***@doubleclick.net/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@atdmt[1].txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@apmebf[1].txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\***@insightexpressai[1].txt [ Cookie:***@insightexpressai.com/ ]
        C:\USERS\***\Cookies\ZT7XAOGI.txt [ Cookie:***@c.atdmt.com/ ]
        C:\USERS\***\Cookies\***@doubleclick[1].txt [ Cookie:***@doubleclick.net/ ]
        C:\USERS\***\Cookies\LKUAW01K.txt [ Cookie:***@atdmt.com/ ]
        C:\USERS\***\Cookies\WWSXHKUZ.txt [ Cookie:***@serving-sys.com/ ]
        C:\USERS\***\Cookies\D1LMR743.txt [ Cookie:***@specificclick.net/ ]
        C:\USERS\***\Cookies\WSEQUZOE.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\0NL7B4F3.txt [ Cookie:***@invitemedia.com/ ]
        C:\USERS\***\Cookies\***@apmebf[1].txt [ Cookie:***@apmebf.com/ ]
        C:\USERS\***\Cookies\***@insightexpressai[1].txt [ Cookie:***@insightexpressai.com/ ]
        C:\USERS\***\Cookies\J9EAPG8T.txt [ Cookie:***@adserver.adtechus.com/ ]
        C:\USERS\***\Cookies\WC2DY8LJ.txt [ Cookie:***@adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\3RWGEJ09.txt [ Cookie:***@ad3.adfarm1.adition.com/ ]
        C:\USERS\***\Cookies\BVPN2DCE.txt [ Cookie:***@imrworldwide.com/cgi-bin ]
        C:\USERS\***\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\***@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .yieldmanager.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .dmtracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        dc.tremormedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.jdtracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .lucidmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads2.zeusclicks.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .banners.bookofsex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads.zeusclicks.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .hightraffic.hugoboss.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .stats.ilivid.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        stats.comunio.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .stats.comunio.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .stats.comunio.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .stats.comunio.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        stats.comunio.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        stats.comunio.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        wstat.wibiya.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads.crakmedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adultfriendfinder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        clicktrace.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .clicktrace.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .clicktrace.info [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .sexad.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .banners.bookofsex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .banners.bookofsex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .banners.bookofsex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .banners.bookofsex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .banners.bookofsex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .harrenmedianetwork.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads.247activemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adsrv1.admediate.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .admediate.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .pro-market.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ads.adxvalue.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .aim4media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .aim4media.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.usenext.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        publishers.domainadvertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www4.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .euros4click.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .nextag.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        tracker.roitesting.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .sonyeurope.112.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        stats.computecmedia.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        banner.slashcam.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        int.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        int.sitestat.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        sales.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .www.burstnet.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        server.lon.liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .e-2dj6wjl4ukajefp.stats.esomniture.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .dyntracker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        stats.finepix.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        banner.testberichte.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .de.partypoker.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .eyewonder.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]
        .googleads.g.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2U0A5L79.DEFAULT\COOKIES.SQLITE ]

Besten Dank!

cosinus 20.12.2011 14:17
Das sind nur harmlose Cookies, aber die können weg.
Was ist mit ESET?

habata 20.12.2011 15:28
Cookies gelöscht und anschließender Scan mit dem ESET Online Scanner.

Logfile:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bffb8155db75b24ea5cd8db6c0590aee
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-19 04:53:24
# local_time=2011-12-19 05:53:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1211052 1211052 0 0
# compatibility_mode=5893 16776573 100 94 4131 75939931 0 0
# compatibility_mode=8192 67108863 100 0 3760 3760 0 0
# scanned=210181
# found=9
# cleaned=0
# scan_time=3523
C:\Users\***\AppData\Roaming\5059\components\AcroFF0595.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5059\components\AcroFF0596.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5060\components\AcroFF0600.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5060\components\AcroFF0605.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5060\components\AcroFF0606.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5061\components\AcroFF061.dll        a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5061\components\AcroFF0610.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5061\components\AcroFF0615.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\5061\components\AcroFF0616.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bffb8155db75b24ea5cd8db6c0590aee
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 02:20:41
# local_time=2011-12-20 03:20:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1288529 1288529 0 0
# compatibility_mode=5893 16776573 100 94 3697 76017408 0 0
# compatibility_mode=8192 67108863 100 0 81237 81237 0 0
# scanned=177237
# found=9
# cleaned=0
# scan_time=3283
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5059\components\AcroFF0595.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5059\components\AcroFF0596.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5060\components\AcroFF0600.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5060\components\AcroFF0605.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5060\components\AcroFF0606.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5061\components\AcroFF061.dll        a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5061\components\AcroFF0610.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5061\components\AcroFF0615.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12192011_194841\C_Users\***\AppData\Roaming\5061\components\AcroFF0616.dll        probably a variant of Win32/Spy.Banker.WZJ trojan (unable to clean)        00000000000000000000000000000000        I

cosinus 20.12.2011 16:05
Das sind nur isolierte Überreste in der Q von OTL
Rechner soweit wieder im Lot?

habata 20.12.2011 16:13
Rechner ist im Lot. Konnte keine Probleme feststellen.

Kann die abgelgte Sicherung jetzt händisch gelöscht werden?

Ich danke Dir jedenfalls vielmals für die ausgezeichnete und schnelle Hilfe!

Kannst du eingrenzen woran es gelegen hat bzw. um welche Art Trojaner es sich gehandelt hat?

cosinus 20.12.2011 16:15
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.


Flashplayer
Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers => Adobe - Andere Version des Adobe Flash Player installieren
(Alternativ bei Chip => http://filepony.de/?q=Flash+Player)

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131