Trojaner-Board

Trojan/virus sbcvvhost_win86 blocks access to Windows in all modes (https://www.trojaner-board.de/106898-trojaner-virus-sbcvvhost_win86-behindert-zugriff-windows-allem-modi.html)

cosinus 31.12.2011 15:22

Do an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along with it!!!)

Code:

:OTL
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll File not found
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.7\freeripToolbarIE.dll File not found
O2 - BHO: (no name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found.
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (FreeRIP Toolbar) - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files (x86)\FreeRIP Toolbar\IE\4.7\freeripToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\Shell - "" = AutoRun
O33 - MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\Shell - "" = AutoRun
O33 - MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\Shell\AutoRun\command - "" = E:\TmUnitedForever_Setup.exe
:Files
C:\Windows\Internet Logs
C:\Users\garry\AppData\Roaming\CheckPoint
C:\Program Files\CheckPoint
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Winamp Toolbar
C:\Program Files (x86)\FreeRIP Toolbar
C:\Program Files (x86)\AskTBar
C:\Program Files (x86)\PriceGong
C:\Program Files (x86)\Skype\Toolbars
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, because it can cause lasting damage to the system!

Doppelgrunz 31.12.2011 19:34

Okay, everything done. Here is the log.

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E634228A-03CF-4BC8-B0AB-668257F1FD8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ deleted successfully.
C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ not found.
File C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7242f609-0e0f-11e0-8158-001966d640e5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7242f609-0e0f-11e0-8158-001966d640e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7242f609-0e0f-11e0-8158-001966d640e5}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{975257b6-4a65-11df-b326-001966d640e5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{975257b6-4a65-11df-b326-001966d640e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{975257b6-4a65-11df-b326-001966d640e5}\ not found.
File E:\TmUnitedForever_Setup.exe not found.
========== FILES ==========
C:\Windows\Internet Logs folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\garry\AppData\Roaming\CheckPoint folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField folder moved successfully.
C:\Program Files\CheckPoint folder moved successfully.
File\Folder C:\Program Files (x86)\Ask.com not found.
File\Folder C:\Program Files (x86)\Winamp Toolbar not found.
File\Folder C:\Program Files (x86)\FreeRIP Toolbar not found.
C:\Program Files (x86)\AskTBar\bar\Settings folder moved successfully.
C:\Program Files (x86)\AskTBar\bar\History folder moved successfully.
C:\Program Files (x86)\AskTBar\bar\Cache folder moved successfully.
C:\Program Files (x86)\AskTBar\bar\1.bin folder moved successfully.
C:\Program Files (x86)\AskTBar\bar folder moved successfully.
C:\Program Files (x86)\AskTBar folder moved successfully.
File\Folder C:\Program Files (x86)\PriceGong not found.
C:\Program Files (x86)\Skype\Toolbars\Shared folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\Skype\Toolbars folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: garry
->Temp folder emptied: 2341645893 bytes
->Temporary Internet Files folder emptied: 375084580 bytes
->Java cache emptied: 82106 bytes
->FireFox cache emptied: 74228937 bytes
->Flash cache emptied: 7516 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109531886 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119624 bytes
RecycleBin emptied: 8322817 bytes
 
Total Files Cleaned = 2.776,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12312011_192216

Files\Folders moved on Reboot...
C:\Users\garry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

What's next?
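Added example (not part of the original thread and not OTL's own code): a small Python parser that tallies the outcomes in an OTL fix log like the one posted above, so that entries the fix actually changed can be told apart from those that were already missing. The sample lines are excerpted from that log; the function and field names are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: a few lines excerpted from the fix log posted above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File F:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Program Files\CheckPoint folder moved successfully.
File\Folder C:\Program Files (x86)\PriceGong not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: garry
->Temp folder emptied: 2341645893 bytes
HOSTS file reset successfully
"""

# One parsed result line. view64 is True when the line carries the "64bit-" prefix.
Entry = namedtuple("Entry", "section kind view64 target outcome")

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
KIND_RE = re.compile(r"^(64bit-)?(Registry key|Registry value|File\\Folder|File) ")

# Line endings seen in the log above, mapped to a short outcome label.
OUTCOMES = (
    ("deleted successfully.", "deleted"),
    ("moved successfully.", "moved"),
    ("value set successfully!", "set"),
    ("not found.", "not_found"),
)


def parse_fix_log(text):
    """Return an Entry for every result line; other lines are skipped."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for suffix, outcome in OUTCOMES:
            if not line.endswith(suffix):
                continue
            body = line[: -len(suffix)].rstrip(" :")
            kind_match = KIND_RE.match(body)
            if kind_match:
                kind = kind_match.group(2)
                view64 = bool(kind_match.group(1))
                target = body[kind_match.end():]
            elif body.endswith(" folder"):
                kind, view64, target = "Folder", False, body[: -len(" folder")]
            else:
                # Bare path ("... moved successfully.") or a value-set line.
                kind = "Registry value" if outcome == "set" else "File"
                view64, target = False, body
            entries.append(Entry(section, kind, view64, target, outcome))
            break
    return entries


def summarize(entries):
    """Count result lines per outcome."""
    return Counter(e.outcome for e in entries)


def changed_targets(entries):
    """Targets the fix actually touched (everything except 'not found')."""
    return [e.target for e in entries if e.outcome != "not_found"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for outcome, count in sorted(summarize(parsed).items()):
        print(f"{outcome:10} {count}")
    print("Already missing before the fix:")
    for e in parsed:
        if e.outcome == "not_found":
            print(f"  [{e.section}] {e.kind}: {e.target}")
```
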

cosinus 02.01.2012 11:13

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Doppelgrunz 02.01.2012 12:53

Hello Arne,

here is the log from TDSS Killer.

Code:

12:28:58.0798 1864        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:28:58.0971 1864        ============================================================
12:28:58.0971 1864        Current date / time: 2012/01/02 12:28:58.0971
12:28:58.0971 1864        SystemInfo:
12:28:58.0971 1864       
12:28:58.0972 1864        OS Version: 6.1.7601 ServicePack: 1.0
12:28:58.0972 1864        Product type: Workstation
12:28:58.0972 1864        ComputerName: LARRY
12:28:58.0973 1864        UserName: garry
12:28:58.0974 1864        Windows directory: C:\Windows
12:28:58.0974 1864        System windows directory: C:\Windows
12:28:58.0974 1864        Running under WOW64
12:28:58.0974 1864        Processor architecture: Intel x64
12:28:58.0974 1864        Number of processors: 2
12:28:58.0974 1864        Page size: 0x1000
12:28:58.0974 1864        Boot type: Normal boot
12:28:58.0974 1864        ============================================================
12:28:59.0804 1864        Initialize success
12:29:36.0984 3012        ============================================================
12:29:36.0984 3012        Scan started
12:29:36.0984 3012        Mode: Manual; SigCheck; TDLFS;
12:29:36.0984 3012        ============================================================
12:29:37.0689 3012        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:29:37.0817 3012        1394ohci - ok
12:29:37.0892 3012        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:29:37.0913 3012        ACPI - ok
12:29:37.0930 3012        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:29:37.0991 3012        AcpiPmi - ok
12:29:38.0033 3012        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:29:38.0058 3012        adp94xx - ok
12:29:38.0078 3012        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:29:38.0091 3012        adpahci - ok
12:29:38.0117 3012        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:29:38.0128 3012        adpu320 - ok
12:29:38.0191 3012        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:29:38.0235 3012        AFD - ok
12:29:38.0279 3012        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:29:38.0295 3012        agp440 - ok
12:29:38.0331 3012        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:29:38.0344 3012        aliide - ok
12:29:38.0356 3012        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:29:38.0370 3012        amdide - ok
12:29:38.0395 3012        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:29:38.0442 3012        AmdK8 - ok
12:29:38.0472 3012        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:29:38.0493 3012        AmdPPM - ok
12:29:38.0527 3012        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:29:38.0536 3012        amdsata - ok
12:29:38.0551 3012        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:29:38.0562 3012        amdsbs - ok
12:29:38.0579 3012        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:29:38.0588 3012        amdxata - ok
12:29:38.0628 3012        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:29:38.0731 3012        AppID - ok
12:29:38.0781 3012        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:29:38.0790 3012        arc - ok
12:29:38.0808 3012        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:29:38.0817 3012        arcsas - ok
12:29:38.0848 3012        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:38.0942 3012        AsyncMac - ok
12:29:39.0007 3012        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:29:39.0015 3012        atapi - ok
12:29:39.0058 3012        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
12:29:39.0111 3012        avgntflt - ok
12:29:39.0178 3012        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
12:29:39.0190 3012        avipbb - ok
12:29:39.0226 3012        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:29:39.0277 3012        b06bdrv - ok
12:29:39.0301 3012        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:29:39.0344 3012        b57nd60a - ok
12:29:39.0373 3012        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:29:39.0423 3012        Beep - ok
12:29:39.0468 3012        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:29:39.0491 3012        blbdrive - ok
12:29:39.0542 3012        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:29:39.0576 3012        bowser - ok
12:29:39.0604 3012        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:29:39.0653 3012        BrFiltLo - ok
12:29:39.0670 3012        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:29:39.0683 3012        BrFiltUp - ok
12:29:39.0706 3012        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:29:39.0736 3012        Brserid - ok
12:29:39.0754 3012        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:39.0775 3012        BrSerWdm - ok
12:29:39.0792 3012        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:39.0810 3012        BrUsbMdm - ok
12:29:39.0824 3012        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:39.0845 3012        BrUsbSer - ok
12:29:39.0861 3012        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:29:39.0882 3012        BTHMODEM - ok
12:29:39.0918 3012        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:39.0949 3012        cdfs - ok
12:29:39.0977 3012        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:29:39.0995 3012        cdrom - ok
12:29:40.0018 3012        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:29:40.0039 3012        circlass - ok
12:29:40.0083 3012        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:29:40.0105 3012        CLFS - ok
12:29:40.0146 3012        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:29:40.0165 3012        CmBatt - ok
12:29:40.0197 3012        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:29:40.0212 3012        cmdide - ok
12:29:40.0258 3012        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
12:29:40.0289 3012        CNG - ok
12:29:40.0301 3012        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:29:40.0309 3012        Compbatt - ok
12:29:40.0334 3012        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:29:40.0364 3012        CompositeBus - ok
12:29:40.0379 3012        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:29:40.0387 3012        crcdisk - ok
12:29:40.0443 3012        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:29:40.0478 3012        DfsC - ok
12:29:40.0512 3012        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:29:40.0541 3012        discache - ok
12:29:40.0569 3012        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:29:40.0579 3012        Disk - ok
12:29:40.0608 3012        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:29:40.0631 3012        drmkaud - ok
12:29:40.0684 3012        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:40.0715 3012        DXGKrnl - ok
12:29:40.0788 3012        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:29:40.0866 3012        ebdrv - ok
12:29:40.0900 3012        ElbyCDIO        (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:29:40.0908 3012        ElbyCDIO - ok
12:29:40.0937 3012        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:29:40.0953 3012        elxstor - ok
12:29:40.0982 3012        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:29:41.0010 3012        ErrDev - ok
12:29:41.0050 3012        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:29:41.0083 3012        exfat - ok
12:29:41.0110 3012        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:29:41.0150 3012        fastfat - ok
12:29:41.0173 3012        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:29:41.0201 3012        fdc - ok
12:29:41.0229 3012        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:29:41.0238 3012        FileInfo - ok
12:29:41.0252 3012        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:29:41.0290 3012        Filetrace - ok
12:29:41.0310 3012        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:41.0329 3012        flpydisk - ok
12:29:41.0377 3012        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:29:41.0398 3012        FltMgr - ok
12:29:41.0418 3012        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:29:41.0427 3012        FsDepends - ok
12:29:41.0443 3012        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:41.0453 3012        Fs_Rec - ok
12:29:41.0478 3012        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:29:41.0491 3012        fvevol - ok
12:29:41.0505 3012        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:29:41.0514 3012        gagp30kx - ok
12:29:41.0543 3012        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:29:41.0568 3012        hcw85cir - ok
12:29:41.0617 3012        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:29:41.0649 3012        HdAudAddService - ok
12:29:41.0683 3012        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:29:41.0713 3012        HDAudBus - ok
12:29:41.0745 3012        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:29:41.0766 3012        HidBatt - ok
12:29:41.0780 3012        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:29:41.0805 3012        HidBth - ok
12:29:41.0820 3012        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:29:41.0833 3012        HidIr - ok
12:29:41.0873 3012        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:29:41.0899 3012        HidUsb - ok
12:29:41.0936 3012        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:29:41.0945 3012        HpSAMD - ok
12:29:41.0994 3012        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:29:42.0037 3012        HTTP - ok
12:29:42.0081 3012        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:29:42.0090 3012        hwpolicy - ok
12:29:42.0129 3012        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:29:42.0140 3012        i8042prt - ok
12:29:42.0173 3012        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:29:42.0187 3012        iaStorV - ok
12:29:42.0228 3012        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:29:42.0237 3012        iirsp - ok
12:29:42.0259 3012        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:29:42.0268 3012        intelide - ok
12:29:42.0287 3012        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:29:42.0306 3012        intelppm - ok
12:29:42.0344 3012        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:42.0372 3012        IpFilterDriver - ok
12:29:42.0411 3012        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:29:42.0423 3012        IPMIDRV - ok
12:29:42.0439 3012        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:29:42.0478 3012        IPNAT - ok
12:29:42.0495 3012        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:29:42.0519 3012        IRENUM - ok
12:29:42.0565 3012        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:29:42.0577 3012        isapnp - ok
12:29:42.0610 3012        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:29:42.0630 3012        iScsiPrt - ok
12:29:42.0646 3012        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:42.0660 3012        kbdclass - ok
12:29:42.0685 3012        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:42.0702 3012        kbdhid - ok
12:29:42.0737 3012        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
12:29:42.0747 3012        KSecDD - ok
12:29:42.0793 3012        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
12:29:42.0810 3012        KSecPkg - ok
12:29:42.0842 3012        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:29:42.0898 3012        ksthunk - ok
12:29:42.0920 3012        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:29:42.0957 3012        lltdio - ok
12:29:42.0985 3012        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:29:42.0994 3012        LSI_FC - ok
12:29:43.0007 3012        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:29:43.0017 3012        LSI_SAS - ok
12:29:43.0029 3012        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:29:43.0038 3012        LSI_SAS2 - ok
12:29:43.0058 3012        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:29:43.0068 3012        LSI_SCSI - ok
12:29:43.0093 3012        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:29:43.0131 3012        luafv - ok
12:29:43.0176 3012        LVRS64          (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
12:29:43.0193 3012        LVRS64 - ok
12:29:43.0286 3012        LVUVC64        (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
12:29:43.0384 3012        LVUVC64 - ok
12:29:43.0415 3012        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:29:43.0422 3012        MBAMProtector - ok
12:29:43.0450 3012        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:29:43.0458 3012        megasas - ok
12:29:43.0478 3012        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:29:43.0490 3012        MegaSR - ok
12:29:43.0513 3012        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:29:43.0552 3012        Modem - ok
12:29:43.0571 3012        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:29:43.0595 3012        monitor - ok
12:29:43.0634 3012        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:29:43.0642 3012        mouclass - ok
12:29:43.0656 3012        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:29:43.0667 3012        mouhid - ok
12:29:43.0695 3012        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:29:43.0705 3012        mountmgr - ok
12:29:43.0731 3012        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:29:43.0741 3012        mpio - ok
12:29:43.0767 3012        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:29:43.0810 3012        mpsdrv - ok
12:29:43.0842 3012        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:29:43.0865 3012        MRxDAV - ok
12:29:43.0906 3012        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:43.0934 3012        mrxsmb - ok
12:29:43.0977 3012        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:44.0009 3012        mrxsmb10 - ok
12:29:44.0042 3012        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:44.0054 3012        mrxsmb20 - ok
12:29:44.0088 3012        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:29:44.0097 3012        msahci - ok
12:29:44.0113 3012        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:29:44.0122 3012        msdsm - ok
12:29:44.0167 3012        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:29:44.0204 3012        Msfs - ok
12:29:44.0216 3012        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:29:44.0251 3012        mshidkmdf - ok
12:29:44.0269 3012        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:29:44.0278 3012        msisadrv - ok
12:29:44.0301 3012        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:29:44.0335 3012        MSKSSRV - ok
12:29:44.0359 3012        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:44.0397 3012        MSPCLOCK - ok
12:29:44.0426 3012        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:29:44.0463 3012        MSPQM - ok
12:29:44.0504 3012        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:29:44.0518 3012        MsRPC - ok
12:29:44.0552 3012        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:29:44.0561 3012        mssmbios - ok
12:29:44.0580 3012        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:29:44.0619 3012        MSTEE - ok
12:29:44.0637 3012        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:29:44.0653 3012        MTConfig - ok
12:29:44.0669 3012        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:29:44.0694 3012        Mup - ok
12:29:44.0724 3012        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:29:44.0747 3012        NativeWifiP - ok
12:29:44.0815 3012        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:29:44.0836 3012        NDIS - ok
12:29:44.0853 3012        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:29:44.0883 3012        NdisCap - ok
12:29:44.0896 3012        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:44.0936 3012        NdisTapi - ok
12:29:44.0959 3012        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:45.0002 3012        Ndisuio - ok
12:29:45.0033 3012        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:45.0071 3012        NdisWan - ok
12:29:45.0112 3012        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:29:45.0144 3012        NDProxy - ok
12:29:45.0173 3012        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:29:45.0210 3012        NetBIOS - ok
12:29:45.0267 3012        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:29:45.0321 3012        NetBT - ok
12:29:45.0381 3012        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:29:45.0390 3012        nfrd960 - ok
12:29:45.0420 3012        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:29:45.0456 3012        Npfs - ok
12:29:45.0482 3012        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:29:45.0524 3012        nsiproxy - ok
12:29:45.0580 3012        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:29:45.0637 3012        Ntfs - ok
12:29:45.0660 3012        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:29:45.0697 3012        Null - ok
12:29:45.0927 3012        nvlddmkm        (ac8cbe9a0663e88f6429ee5530d5e32b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:29:46.0210 3012        nvlddmkm - ok
12:29:46.0282 3012        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:29:46.0299 3012        nvraid - ok
12:29:46.0318 3012        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:29:46.0328 3012        nvstor - ok
12:29:46.0364 3012        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:29:46.0375 3012        nv_agp - ok
12:29:46.0405 3012        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:29:46.0440 3012        ohci1394 - ok
12:29:46.0472 3012        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:29:46.0484 3012        Parport - ok
12:29:46.0532 3012        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:29:46.0541 3012        partmgr - ok
12:29:46.0579 3012        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:29:46.0589 3012        pci - ok
12:29:46.0622 3012        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:29:46.0631 3012        pciide - ok
12:29:46.0650 3012        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:29:46.0662 3012        pcmcia - ok
12:29:46.0686 3012        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:29:46.0695 3012        pcw - ok
12:29:46.0720 3012        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:29:46.0768 3012        PEAUTH - ok
12:29:46.0839 3012        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:29:46.0877 3012        PptpMiniport - ok
12:29:46.0892 3012        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:29:46.0908 3012        Processor - ok
12:29:46.0952 3012        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:29:46.0994 3012        Psched - ok
12:29:47.0032 3012        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:29:47.0077 3012        ql2300 - ok
12:29:47.0101 3012        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:29:47.0111 3012        ql40xx - ok
12:29:47.0131 3012        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:29:47.0156 3012        QWAVEdrv - ok
12:29:47.0172 3012        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:29:47.0210 3012        RasAcd - ok
12:29:47.0235 3012        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:29:47.0264 3012        RasAgileVpn - ok
12:29:47.0310 3012        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:47.0368 3012        Rasl2tp - ok
12:29:47.0397 3012        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:47.0439 3012        RasPppoe - ok
12:29:47.0456 3012        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:29:47.0496 3012        RasSstp - ok
12:29:47.0535 3012        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:29:47.0576 3012        rdbss - ok
12:29:47.0587 3012        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:29:47.0611 3012        rdpbus - ok
12:29:47.0623 3012        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:47.0662 3012        RDPCDD - ok
12:29:47.0682 3012        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:29:47.0723 3012        RDPENCDD - ok
12:29:47.0736 3012        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:29:47.0766 3012        RDPREFMP - ok
12:29:47.0797 3012        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:29:47.0842 3012        RDPWD - ok
12:29:47.0875 3012        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:29:47.0885 3012        rdyboost - ok
12:29:47.0926 3012        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:29:47.0969 3012        rspndr - ok
12:29:47.0999 3012        RTL8167        (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:29:48.0012 3012        RTL8167 - ok
12:29:48.0040 3012        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:29:48.0051 3012        sbp2port - ok
12:29:48.0095 3012        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:29:48.0149 3012        scfilter - ok
12:29:48.0188 3012        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:29:48.0227 3012        secdrv - ok
12:29:48.0252 3012        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:29:48.0264 3012        Serenum - ok
12:29:48.0282 3012        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:29:48.0305 3012        Serial - ok
12:29:48.0336 3012        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:29:48.0347 3012        sermouse - ok
12:29:48.0389 3012        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:29:48.0412 3012        sffdisk - ok
12:29:48.0419 3012        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:29:48.0441 3012        sffp_mmc - ok
12:29:48.0448 3012        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:29:48.0477 3012        sffp_sd - ok
12:29:48.0504 3012        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:29:48.0525 3012        sfloppy - ok
12:29:48.0556 3012        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:29:48.0566 3012        SiSRaid2 - ok
12:29:48.0589 3012        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:29:48.0599 3012        SiSRaid4 - ok
12:29:48.0623 3012        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:29:48.0662 3012        Smb - ok
12:29:48.0705 3012        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:29:48.0713 3012        spldr - ok
12:29:48.0757 3012        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
12:29:48.0757 3012        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
12:29:48.0759 3012        sptd ( LockedFile.Multi.Generic ) - warning
12:29:48.0759 3012        sptd - detected LockedFile.Multi.Generic (1)
12:29:48.0807 3012        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:29:48.0844 3012        srv - ok
12:29:48.0879 3012        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:29:48.0907 3012        srv2 - ok
12:29:48.0952 3012        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:29:48.0980 3012        srvnet - ok
12:29:49.0022 3012        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:29:49.0037 3012        stexstor - ok
12:29:49.0080 3012        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:29:49.0095 3012        swenum - ok
12:29:49.0174 3012        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:29:49.0239 3012        Tcpip - ok
12:29:49.0279 3012        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:29:49.0310 3012        TCPIP6 - ok
12:29:49.0349 3012        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:29:49.0387 3012        tcpipreg - ok
12:29:49.0412 3012        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:29:49.0442 3012        TDPIPE - ok
12:29:49.0452 3012        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:29:49.0489 3012        TDTCP - ok
12:29:49.0529 3012        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:29:49.0570 3012        tdx - ok
12:29:49.0609 3012        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:29:49.0619 3012        TermDD - ok
12:29:49.0662 3012        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:49.0699 3012        tssecsrv - ok
12:29:49.0730 3012        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:29:49.0751 3012        TsUsbFlt - ok
12:29:49.0790 3012        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:29:49.0824 3012        tunnel - ok
12:29:49.0847 3012        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:29:49.0857 3012        uagp35 - ok
12:29:49.0893 3012        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:29:49.0934 3012        udfs - ok
12:29:49.0979 3012        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:29:49.0995 3012        uliagpkx - ok
12:29:50.0036 3012        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:29:50.0059 3012        umbus - ok
12:29:50.0081 3012        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:29:50.0108 3012        UmPass - ok
12:29:50.0169 3012        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:29:50.0200 3012        usbaudio - ok
12:29:50.0220 3012        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:50.0255 3012        usbccgp - ok
12:29:50.0279 3012        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:29:50.0313 3012        usbcir - ok
12:29:50.0334 3012        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:29:50.0356 3012        usbehci - ok
12:29:50.0406 3012        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:29:50.0434 3012        usbhub - ok
12:29:50.0475 3012        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:29:50.0499 3012        usbohci - ok
12:29:50.0528 3012        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:29:50.0557 3012        usbprint - ok
12:29:50.0578 3012        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:50.0606 3012        USBSTOR - ok
12:29:50.0620 3012        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:29:50.0640 3012        usbuhci - ok
12:29:50.0668 3012        VClone          (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
12:29:50.0690 3012        VClone - ok
12:29:50.0728 3012        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:29:50.0743 3012        vdrvroot - ok
12:29:50.0768 3012        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:50.0782 3012        vga - ok
12:29:50.0794 3012        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:29:50.0834 3012        VgaSave - ok
12:29:50.0865 3012        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:29:50.0877 3012        vhdmp - ok
12:29:50.0894 3012        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:29:50.0903 3012        viaide - ok
12:29:50.0932 3012        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:29:50.0941 3012        volmgr - ok
12:29:50.0988 3012        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:29:51.0001 3012        volmgrx - ok
12:29:51.0021 3012        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:29:51.0033 3012        volsnap - ok
12:29:51.0064 3012        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:29:51.0075 3012        vsmraid - ok
12:29:51.0099 3012        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:29:51.0121 3012        vwifibus - ok
12:29:51.0138 3012        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:29:51.0155 3012        WacomPen - ok
12:29:51.0190 3012        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:51.0227 3012        WANARP - ok
12:29:51.0241 3012        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:29:51.0270 3012        Wanarpv6 - ok
12:29:51.0299 3012        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:29:51.0308 3012        Wd - ok
12:29:51.0333 3012        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:29:51.0350 3012        Wdf01000 - ok
12:29:51.0376 3012        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:29:51.0406 3012        WfpLwf - ok
12:29:51.0422 3012        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:29:51.0431 3012        WIMMount - ok
12:29:51.0485 3012        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:29:51.0508 3012        WinUsb - ok
12:29:51.0526 3012        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:29:51.0538 3012        WmiAcpi - ok
12:29:51.0557 3012        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:29:51.0595 3012        ws2ifsl - ok
12:29:51.0635 3012        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:29:51.0674 3012        WudfPf - ok
12:29:51.0705 3012        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:29:51.0742 3012        WUDFRd - ok
12:29:51.0760 3012        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:29:51.0870 3012        \Device\Harddisk0\DR0 - ok
12:29:51.0874 3012        Boot (0x1200)  (1b20caf158eaad23477aa9a8317139d0) \Device\Harddisk0\DR0\Partition0
12:29:51.0875 3012        \Device\Harddisk0\DR0\Partition0 - ok
12:29:51.0876 3012        ============================================================
12:29:51.0877 3012        Scan finished
12:29:51.0877 3012        ============================================================
12:29:51.0892 2804        Detected object count: 1
12:29:51.0892 2804        Actual detected object count: 1
12:48:39.0029 2804        sptd ( LockedFile.Multi.Generic ) - skipped by user
12:48:39.0029 2804        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:48:58.0474 4036        Deinitialize success


One more quick note: for work reasons I will be travelling over the next few days, so I won't be able to respond right away when you send me the next step. I have seen here in the forum that cases are dropped after 3 days without a reply, and I wanted to ask you not to do that in this case. You can simply post the next step for me here and I will carry it out next weekend at the latest.

Thank you very much!

cosinus 02.01.2012 14:12

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.

Doppelgrunz 07.01.2012 15:50

Okay, I ran ComboFix and this is the log file:

Code:

Combofix Logfile:

ComboFix 12-01-06.03 - garry 07.01.2012  15:35:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3263.2163 [GMT 1:00]
ausgeführt von:: c:\users\garry\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\garry\AppData\Roaming\dwlGina3.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-07 bis 2012-01-07  ))))))))))))))))))))))))))))))
.
.
2012-01-07 14:39 . 2012-01-07 14:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-07 14:26 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{09363A2A-5C9F-477C-8AD3-440C0B63060B}\mpengine.dll
2011-12-30 03:03 . 2011-12-30 03:03        --------        d-----w-        c:\program files (x86)\ESET
2011-12-30 02:03 . 2011-12-30 02:03        --------        d-----w-        c:\users\garry\AppData\Roaming\Malwarebytes
2011-12-30 02:00 . 2011-12-30 02:00        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-30 02:00 . 2011-12-30 02:00        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-30 02:00 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-27 09:09 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2011-12-27 09:09 . 2011-12-27 03:47        --------        d-----w-        C:\_OTL
2011-12-26 07:10 . 2011-12-26 07:23        --------        d-----w-        C:\Malwarebytes' Anti-Malware
2011-12-25 16:12 . 2011-12-25 19:44        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0
2011-12-18 19:36 . 2011-12-18 19:36        --------        d-----w-        c:\windows\system32\Macromed
2011-12-16 21:37 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-16 21:37 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-16 21:37 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-16 21:37 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-16 21:37 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 19:38 . 2011-06-12 11:32        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 13:29 . 2010-03-20 17:39        270720        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files (x86)\PPStream\ppsap.exe" [2010-02-24 214408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-05 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-12 281768]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-05 136360]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ           getPlusHelper
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\garry\AppData\Roaming\Mozilla\Firefox\Profiles\if8yly7h.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-Winamp Toolbar - c:\program files (x86)\Winamp Toolbar\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1749393697-2492884230-3525210288-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,46,99,c5,fa,c7,d6,2c,b3,21,50,40,ef,d9,7e,1d,66,61,11,2e,96,
   91,70,eb,47,d6,29,60,35,94,6b,f9,1c,c2,d4,9a,50,88,9e,29,50,04,fa,b4,d3,90,\
"rkeysecu"=hex:aa,2d,c4,ca,c2,6d,a1,98,6f,68,f0,2b,73,62,35,0c
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\IoctlSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-07  15:44:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-07 14:44
.
Vor Suchlauf: 18 Verzeichnis(se), 389.597.216.768 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 389.068.849.152 Bytes frei
.
- - End Of File - - 918620FEBCD4DDA0CA49433624D43CE9


--- --- ---

What now?

cosinus 07.01.2012 16:29

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: right-click aswMBR and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Under no circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Doppelgrunz 07.01.2012 17:29

Here is the log file:

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-07 17:03:46
-----------------------------
17:03:46.633    OS Version: Windows x64 6.1.7601 Service Pack 1
17:03:46.636    Number of processors: 2 586 0x170A
17:03:46.637    ComputerName: LARRY  UserName: garry
17:03:49.314    Initialize success
17:06:28.138    AVAST engine defs: 12010700
17:09:41.641    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:09:41.644    Disk 0 Vendor: STM3500418AS CC35 Size: 476940MB BusType: 3
17:09:41.653    Disk 0 MBR read successfully
17:09:41.656    Disk 0 MBR scan
17:09:41.662    Disk 0 Windows 7 default MBR code
17:09:41.667    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      476938 MB offset 2048
17:09:41.672    Service scanning
17:09:44.291    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:09:45.398    Modules scanning
17:09:45.403    Disk 0 trace - called modules:
17:09:45.423    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80033d92c0]<<
17:09:45.426    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800368f060]
17:09:45.430    3 CLASSPNP.SYS[fffff88001bcb43f] -> nt!IofCallDriver -> [0xfffffa8003517e40]
17:09:45.758    5 ACPI.sys[fffff880010447a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8003544060]
17:09:45.764    \Driver\atapi[0xfffffa80034ecd60] -> IRP_MJ_CREATE -> 0xfffffa80033d92c0
17:09:48.152    AVAST engine scan C:\Windows
17:09:52.813    AVAST engine scan C:\Windows\system32
17:11:47.494    AVAST engine scan C:\Windows\system32\drivers
17:12:00.456    AVAST engine scan C:\Users\garry
17:21:46.428    AVAST engine scan C:\ProgramData
17:23:11.112    Scan finished successfully
17:27:36.664    Disk 0 MBR has been saved successfully to "C:\Users\garry\Downloads\MBR.dat"
17:27:36.669    The log file has been saved successfully to "C:\Users\garry\Downloads\aswMBR.txt"

A quick question: How many steps are still left? Can you briefly tell me what we are actually looking for? Thank you very much!

cosinus 07.01.2012 17:48

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion via ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Check the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Doppelgrunz 08.01.2012 01:26

Malwarebytes Scan:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
garry :: LARRY [Administrator]

Schutz: Aktiviert

07.01.2012 20:18:57
mbam-log-2012-01-07 (20-18-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370549
Laufzeit: 44 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SASW log:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/07/2012 at 09:21 PM

Application Version : 5.0.1142

Core Rules Database Version : 8112
Trace Rules Database Version: 5924

Scan type      : Quick Scan
Total Scan Time : 00:09:59

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 550
Memory threats detected  : 0
Registry items scanned    : 61305
Registry threats detected : 0
File items scanned        : 28358
File threats detected    : 426

Adware.Tracking Cookie
        .tradedoubler.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .h.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .c.atdmt.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        webclickmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        webclickengine.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .sfr.solution.weborama.fr [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ads.quartermedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        adserver2.clipkit.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.effiliation.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .viacom.adbureau.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .viacom.adbureau.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .viacom.adbureau.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adlegend.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adlegend.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ad-emea.doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .at.atwola.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .blogads.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .blogads.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .unitymedia.de [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .ru4.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\GARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IF8YLY7H.DEFAULT\COOKIES.SQLITE ]

ESET scan

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f9a08f42ac7f40949d4756a8bcd331
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-30 04:23:46
# local_time=2011-12-30 05:23:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 61754917 1103 0
# compatibility_mode=5893 16776573 100 94 0 76844311 0 0
# compatibility_mode=8192 67108863 100 0 3879 3879 0 0
# compatibility_mode=9217 16777214 75 66 11297271 27175163 0 0
# scanned=215441
# found=18
# cleaned=0
# scan_time=4565
C:\Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\AppData\Local\Temp\NERO14992\Toolbar.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe        a variant of Win32/SweetIM.B application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\358d72cc-4ecd8dc1        Java/Exploit.CVE-2011-3544.L trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\150cad71-34025faa        Java/Exploit.CVE-2011-3544.L trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\freeripmp3.61-setup.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\SoftonicDownloader_fuer_magix-mp3-maker.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\SweetImSetup.exe        a variant of Win32/SweetIM.B application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\40094e8.msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=35f9a08f42ac7f40949d4756a8bcd331
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 10:38:10
# local_time=2012-01-07 11:38:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 62512229 21902 0
# compatibility_mode=5893 16776573 100 94 27601 77601623 0 0
# compatibility_mode=8192 67108863 100 0 761191 761191 0 0
# scanned=201068
# found=14
# cleaned=0
# scan_time=4117
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\freeripmp3.61-setup.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\SoftonicDownloader_fuer_magix-mp3-maker.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\SweetImSetup.exe        a variant of Win32/SweetIM.B application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\40094e8.msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12272011_040919\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12312011_192216\C_Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I

What now?

cosinus 08.01.2012 01:48

There are only cookies and a few adware remnants left.
Let's delete them with OTL.

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied too!!!)

Code:

:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Users\garry\Downloads\freeripmp3.61-setup.exe
C:\Users\garry\Downloads\SoftonicDownloader*
C:\Users\garry\Downloads\SweetImSetup.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
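The comparison behind the "only cookies and adware remnants" assessment, as an added example that is not part of the thread: it parses the two ESET Online Scanner logs (rows excerpted from the posts above), shows which findings disappeared between the scans, and separates findings still on disk from copies already sitting in OTL's `C:\_OTL` backup folder. Treating names that end in "application" as ESET's label for potentially unwanted software, and the function names, are assumptions of this example.

```python
import re

# Excerpts from the two ESET Online Scanner logs posted in this thread
# (first scan 2011-12-30, second scan 2012-01-07); rows reduced to a sample.
SCAN_1 = r"""
# utc_time=2011-12-30 04:23:46
C:\Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\358d72cc-4ecd8dc1        Java/Exploit.CVE-2011-3544.L trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\freeripmp3.61-setup.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
"""
SCAN_2 = r"""
# utc_time=2012-01-07 10:38:10
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\garry\Downloads\freeripmp3.61-setup.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\12312011_192216\C_Program Files (x86)\AskTBar\bar\1.bin\A5POPSWT.DLL        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
"""

QUARANTINE = "c:\\_otl\\"  # OTL backup folder named in the helper's note


def parse(log):
    """Return {path: detection name} for each finding row of an ESET log."""
    findings = {}
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or '# key=value' metadata
        cols = re.split(r"\s{2,}|\t+", line)  # paths contain single spaces only
        if len(cols) < 2:
            continue  # banner lines such as "all ok"
        # Drop the trailing action note, e.g. "(unable to clean)".
        findings[cols[0]] = re.sub(r"\s*\([^)]*\)$", "", cols[1])
    return findings


def triage(before, after):
    """Compare two parsed scans and sort the later one's findings."""
    in_backup = {p: d for p, d in after.items() if p.lower().startswith(QUARANTINE)}
    live = {p: d for p, d in after.items() if p not in in_backup}
    return {
        "gone": sorted(set(before) - set(after)),  # no longer reported
        "in_backup": in_backup,                    # already moved by OTL
        "live": live,                              # still in place on disk
        # Anything not labelled "application" deserves a closer look.
        "review": {p: d for p, d in live.items() if not d.endswith("application")},
    }


if __name__ == "__main__":
    for key, value in triage(parse(SCAN_1), parse(SCAN_2)).items():
        print(key, "->", value)
```
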

Doppelgrunz 08.01.2012 03:39

Okay, fix carried out in OTL. Here is the log:

Code:

All processes killed
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Users\garry\Downloads\freeripmp3.61-setup.exe moved successfully.
C:\Users\garry\Downloads\SoftonicDownloader_fuer_magix-mp3-maker.exe moved successfully.
C:\Users\garry\Downloads\SweetImSetup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: garry
->Temp folder emptied: 176296710 bytes
->Temporary Internet Files folder emptied: 50370571 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116449226 bytes
->Flash cache emptied: 3255 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 327,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_033454

Files\Folders moved on Reboot...
C:\Users\garry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

What now?

cosinus 08.01.2012 19:56

OK, the rest has been removed as well. As far as I'm concerned you can now delete the folder C:\_OTL too.
Is the computer back in order so far?

Doppelgrunz 08.01.2012 20:25

Hello Arne,

as far as I can tell, the computer is in order again. I managed to get the desktop icons back (through my own research), and the Task Manager is no longer locked either. I haven't tried out all the programs again yet, but the most important thing was to get access to the computer again in the first place.

Finally, I'd like to say that I think it's really fantastic that you help me and other computer-plagued people out of a jam here practically for free! I would have liked a little more communication (i.e. that my questions were addressed more and perhaps even answered now and then), but since you get a great many requests I can understand that this is not a chat but a forum where people get help (even if afterwards one can't really follow what went wrong with the computer at the beginning or what exactly was done to fix the problem). In any case my computer is running again, and I will now back up all my files before going any further.

Thanks again to you! :dankeschoen:

Maybe one more quick question to finish: what should I do with the programs I downloaded onto the computer in the course of our rescue operation (Malwarebytes, SASW, ESET ...)? Should I delete them just like OTL?

Best regards,
Doppelgrunz

cosinus 08.01.2012 21:28

Quote:

I would have liked a little more communication
I always answer questions when I can, but I really don't like doing that during an ongoing cleanup because you keep drifting away from the topic. I used to do that at the beginning, but not any more. I answer questions once we are through.

That means we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update


Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs, or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.


All times are in WET +1. The time is now 11:42.

Copyright ©2000-2025, Trojaner-Board
