Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Malware.Packer.GenX bei Alcohol 120% Testversion (https://www.trojaner-board.de/123992-malware-packer-genx-alcohol-120-testversion.html)

cosinus 20.09.2012 21:50
War richtig so

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

meheeco 21.09.2012 17:19
Keine Ahnung, ob ich alles richtig gemacht habe, aber hier das Ergebnis.


Combofix Logfile:
Code:
ComboFix 12-09-20.03 - M*** 21.09.2012  17:55:28.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.2441 [GMT 2:00]
ausgeführt von:: c:\users\M***\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-21 bis 2012-09-21  ))))))))))))))))))))))))))))))
.
.
2012-09-21 12:47 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{632D069C-BC02-4E06-B8A1-57A005B35011}\mpengine.dll
2012-09-19 18:00 . 2012-09-19 18:00        --------        d-----w-        C:\_OTL
2012-09-14 19:41 . 2012-09-14 19:41        --------        d-----w-        c:\users\M***\AppData\Local\Xara
2012-09-14 19:41 . 2012-09-14 19:41        --------        d-----w-        c:\program files (x86)\Common Files\MAGIX Shared
2012-09-14 18:44 . 2012-09-14 18:44        --------        d-----w-        c:\users\M***\AppData\Roaming\AquaSoft
2012-09-14 18:39 . 2012-09-14 18:39        --------        d-----w-        c:\users\M***\AppData\Local\PackageAware
2012-09-12 19:06 . 2012-09-12 19:06        --------        d-----w-        c:\users\M***\AppData\Roaming\Malwarebytes
2012-09-12 19:06 . 2012-09-12 19:06        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-12 19:06 . 2012-09-12 19:06        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-12 19:06 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-12 17:57 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 17:57 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 17:57 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-12 17:57 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-12 17:57 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 17:57 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 17:57 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-03 18:41 . 2012-09-03 18:41        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-30 11:51 . 2012-08-30 11:51        --------        d-----w-        c:\program files (x86)\Alcohol Soft
2012-08-30 11:47 . 2012-09-14 18:41        530488        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-08-28 20:40 . 2012-08-28 20:40        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-08-28 20:39 . 2012-09-03 18:41        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 17:58 . 2011-11-07 19:12        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-09-03 18:41 . 2011-11-15 14:50        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-29 07:33 . 2012-04-14 06:34        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-29 07:33 . 2011-08-12 07:32        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2012-01-05 17:42        359464        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-01-05 17:42        969200        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-01-05 17:42        59728        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-03-27 17:01        54072        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-01-05 17:42        71600        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-01-05 17:42        25232        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-01-05 17:42        41224        ----a-w-        c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-01-05 17:42        227648        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-01-05 17:42        285328        ----a-w-        c:\windows\system32\aswBoot.exe
2012-07-18 18:15 . 2012-08-16 15:02        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-16 15:02        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 15:02        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 15:02        136704        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 15:02        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-17 10:29        17809920        ----a-w-        c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-17 10:29        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-17 10:29        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-17 10:29        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-17 10:29        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-17 10:29        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-17 10:29        237056        ----a-w-        c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-17 10:29        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-17 10:29        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-17 10:29        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-17 10:29        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-17 10:30        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-17 10:30        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-17 10:29        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-17 10:29        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-17 10:29        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-17 10:29        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-17 10:29        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-17 10:30        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-06-25 14:04 . 2012-06-25 14:04        1394248        ----a-w-        c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-05-07 160840]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\M***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files (x86)\Stickies\stickies.exe [2012-2-18 1130496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
.print Client Windows.lnk - c:\windows\Installer\{FBB862E3-4F8F-4C7C-8D15-1A9FB16A3E41}\sc_client12_FBB862E34F8F4C7C8D151A9FB16A3E41.exe [2011-12-5 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-09-08 28992]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-12 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-12 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-12 62776]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 50688]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 690688]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-09-08 2253120]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11        133400        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\M***\AppData\Roaming\Mozilla\Firefox\Profiles\kqnr87ue.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-{96D198CA-AE1F-4A5E-96AB-77376BD08A62} - c:\users\M***\AppData\Local\{8C1F383F-034C-474D-BCAF-641BEF5CAE38}\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager.9.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-21  18:06:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-21 16:06
.
Vor Suchlauf: 13 Verzeichnis(se), 357.559.713.792 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 357.032.787.968 Bytes frei
.
- - End Of File - - 3E5F082A840F9C1BD4B6BA5D888C5B5A
--- --- ---

--- --- ---

cosinus 21.09.2012 21:07
hast du gut gemacht so http://cosgan.de/images/smilie/liebe/n020.gif

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

meheeco 23.09.2012 08:23
weiter gehts...

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-23 08:44:26
Windows 6.1.7601 Service Pack 1
Running: e5lo8jt6.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                    771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                    285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                    1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0x40 0xA4 0xEF 0xB0 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                      0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0x40 0xA4 0xEF 0xB0 ...

---- EOF - GMER 1.0.15 ----
--- --- ---


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:58:09 on 23.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"NTIDrvr" (NTIDrvr) - "NTI Corporation" - C:\Windows\system32\drivers\NTIDrvr.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"UBHelper" (UBHelper) - "NTI Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "Free Download Manager" - ? - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\m***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Stickies.lnk" - "Zhorn Software" - C:\Program Files (x86)\Stickies\stickies.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
".print Client Windows.lnk" - "ThinPrint GmbH" - C:\Program Files (x86)\ThinPrint Client\Thnclnt32.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"BackupManagerTray" - "NTI Corporation" - "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"Dolby Advanced Audio v2" - "Dolby Laboratories Inc." - "C:\Dolby PCEE4\pcee4.exe" -autostart
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"PDFPrint" - "Geek Software GmbH" - C:\Program Files (x86)\PDF24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"SuiteTray" - "Egis Technology Inc." - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"EgisTec Ticket Service" (EgisTec Ticket Service) - "Egis Technology Inc. " - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
"ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"GREGService" (GREGService) - "Acer Incorporated" - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Intel(R) Turbo Boost Technology Monitor 2.0" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Live Updater Service" (Live Updater Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NTI Corporation" - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ShrewSoft DNS Proxy Daemon" (dtpd) - ? - C:\Program Files\ShrewSoft\VPN Client\dtpd.exe  (File found, but it contains no detailed information)
"ShrewSoft IKE Daemon" (iked) - ? - C:\Program Files\ShrewSoft\VPN Client\iked.exe  (File found, but it contains no detailed information)
"ShrewSoft IPSEC Daemon" (ipsecd) - ? - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe  (File found, but it contains no detailed information)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-23 09:03:03
-----------------------------
09:03:03.911    OS Version: Windows x64 6.1.7601 Service Pack 1
09:03:03.911    Number of processors: 4 586 0x2A07
09:03:03.911    ComputerName: ****  UserName: m***
09:03:05.081    Initialize success
09:03:05.175    AVAST engine defs: 12092201
09:03:45.719    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:03:45.735    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:03:45.750    Disk 0 MBR read successfully
09:03:45.750    Disk 0 MBR scan
09:03:45.766    Disk 0 Windows 7 default MBR code
09:03:45.766    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        18432 MB offset 2048
09:03:45.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37750784
09:03:45.813    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      458406 MB offset 37955584
09:03:45.828    Disk 0 scanning C:\Windows\system32\drivers
09:03:51.538    Service scanning
09:04:03.862    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:04:08.557    Modules scanning
09:04:08.573    Disk 0 trace - called modules:
09:04:08.589    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
09:04:08.589    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007593060]
09:04:08.604    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80050c9050]
09:04:09.571    AVAST engine scan C:\Windows
09:04:12.223    AVAST engine scan C:\Windows\system32
09:05:38.542    AVAST engine scan C:\Windows\system32\drivers
09:05:46.561    AVAST engine scan C:\Users\m***
09:07:35.777    AVAST engine scan C:\ProgramData
09:08:32.717    Scan finished successfully
09:08:54.058    Disk 0 MBR has been saved successfully to "C:\Users\m***\Desktop\MBR.dat"
09:08:54.058    The log file has been saved successfully to "C:\Users\m***\Desktop\aswMBR.txt"
aswMBR scheint funktioniert zu haben, hat mich aber nicht gefragt, ob ich mit der aktuellen Virendefinition von AVAST! scannen möchte.

cosinus 23.09.2012 16:51
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

meheeco 27.09.2012 19:03
Sorry, dass es so lange gedauert hat. Hier die beiden Posts:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/26/2012 at 09:52 PM

Application Version : 5.5.1016

Core Rules Database Version : 9295
Trace Rules Database Version: 7107

Scan type      : Complete Scan
Total Scan Time : 01:20:51

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 734
Memory threats detected  : 0
Registry items scanned    : 70406
Registry threats detected : 0
File items scanned        : 170146
File threats detected    : 228

Adware.Tracking Cookie
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\6DH9WQ06.txt [ Cookie:D***@tradedoubler.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\5G21HXHW.txt [ Cookie:D***@doubleclick.net/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\S2CMUNCI.txt [ Cookie:D***@ad3.adfarm1.adition.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\3JAZP3I6.txt [ Cookie:D***@traffictrack.de/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\4RNT2RL4.txt [ Cookie:D***@tracking.quisma.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\C9MEUKE1.txt [ Cookie:D***@adfarm1.adition.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y1Z5L8AJ.txt [ Cookie:D***@specificclick.net/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\FX7IZZG8.txt [ Cookie:D***@atdmt.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NUMOO0X.txt [ Cookie:D***@webmasterplan.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z28DC6SQ.txt [ Cookie:D***@zanox.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\CVY69OQT.txt [ Cookie:D***@imrworldwide.com/cgi-bin ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\YQ212G0H.txt [ Cookie:D***@studivz.adfarm1.adition.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\37B06D27.txt [ Cookie:D***@serving-sys.com/ ]
        C:\USERS\D***\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIKTO1L5.txt [ Cookie:D***@ad4.adfarm1.adition.com/ ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        tracking.sim-technik.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tradetracker.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        studivz.adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        tracking.tchibo.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .countomat.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adxpose.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.zalando.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        media.gan-online.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .generaltracking.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .cunda.122.2o7.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .brucespringsteen.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .brucespringsteen.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .brucespringsteen.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .w3counter.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .loyaltypartner.122.2o7.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        tomtailor.dyntracker.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\D***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WVKZG9L.DEFAULT\COOKIES.SQLITE ]
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
M*** :: **** [Administrator]

25.09.2012 20:07:40
mbam-log-2012-09-25 (20-07-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 396783
Laufzeit: 41 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Geschafft?

cosinus 27.09.2012 20:49
Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

meheeco 29.09.2012 06:47
Vielen Dank, Cosinus.

Scheint alles zu funktionieren. Das mit den Cookies ist mir bekannt. Ich selber surfe immer im privaten Modus. Meine Freundin ist nur der Meinung, dass man das nur macht, wenn man etwas zu verbergen hat, daher nimmt sie das nicht so genau mit Cookies, Cache und Verlauf löschen etc.
Ich werde ihr mal ins Gewissen reden und mir selber diese MVPS Hosts File-Sache zu Herzen nehmen.
Sonst bleibt mir nur, nochmal Danke zu sagen und die ganzen Scanner und Logs zu löschen. Ich nehme an, ich brauche die nicht mehr.

Gruß
meheeco

cosinus 01.10.2012 09:40
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:17 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131