Trojaner-Board
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Firefox - Redirect auf (https://www.trojaner-board.de/122281-firefox-redirect.html)

massalode 06.09.2012 23:33
Hallo Cosinus,

hier das Ergebnis von ComboFix:

Combofix Logfile:
Code:
ComboFix 12-09-06.02 - Jan 06.09.2012  23:46:18.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2456 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\07439fd5-7039-4014-b635-5bf088a1465b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\programdata\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\programdata\PCDr\6032\AddOnDownloaded\16ab6978-b6b5-41fa-81a1-8bffc55a69b9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2ee79d71-badc-46b4-b731-42b15f3cd1c3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e4c86d5-a5c1-4c3f-8fc7-6258992b16c5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5e1c102f-bfde-420c-87c0-64fe851888e5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6928cebe-dc61-4564-a488-e19724a8de68.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7014e871-cc3b-4dec-b82b-bc70222b40ed.dll
c:\programdata\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8a6735b1-c078-4648-9416-b6bb29ec3dc1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9ad10df8-6662-488d-9a0f-1fab1ee3403d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9f8591c3-5048-42f7-9553-387b30449f54.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a4930af9-016c-4915-a740-a3364e7618aa.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ac96894a-064b-4c44-a457-9d5aaee7032a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\adb45b82-004f-4eed-bd54-d60d7eda1ff5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b2ed8d53-41ce-48e6-b4ac-8b8e5e1a4fdf.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c2690c4c-81f4-4565-a861-643c7af1fa90.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e86f11dd-8b83-43cc-899e-f935ce0a1ea0.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\eb1a169a-7868-4b2c-ae46-52b55b4db151.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\windows\iun6002.exe
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 22:02 . 2012-09-06 22:02        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-06 13:56 . 2012-09-06 13:56        --------        d-----w-        C:\_OTL
2012-08-30 01:07 . 2012-08-30 01:07        73696        ----a-w-        c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-26 16:35 . 2012-08-26 16:35        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-08-26 16:35 . 2012-08-26 16:35        --------        d-----w-        c:\program files (x86)\Java
2012-08-25 12:26 . 2012-08-25 12:26        --------        d-----w-        c:\programdata\PC-Doctor for Windows
2012-08-24 21:06 . 2012-08-24 21:06        --------        d-----w-        c:\users\Jan\AppData\Roaming\Avira
2012-08-24 21:00 . 2012-07-18 16:04        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-08-24 21:00 . 2012-07-18 16:04        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-08-24 21:00 . 2012-07-18 16:04        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-08-24 20:59 . 2012-08-24 21:00        --------        d-----w-        c:\programdata\Avira
2012-08-24 20:59 . 2012-08-24 20:59        --------        d-----w-        c:\program files (x86)\Avira
2012-08-24 14:16 . 2012-08-01 22:58        9309624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CA832FD-9361-4533-8CE3-C41DF377E7B7}\mpengine.dll
2012-08-18 11:38 . 2012-08-18 11:38        --------        d-----w-        c:\program files (x86)\ESET
2012-08-15 14:00 . 2012-02-11 06:43        751104        ----a-w-        c:\windows\system32\win32spl.dll
2012-08-15 14:00 . 2012-02-11 06:36        559104        ----a-w-        c:\windows\system32\spoolsv.exe
2012-08-15 14:00 . 2012-02-11 06:36        67072        ----a-w-        c:\windows\splwow64.exe
2012-08-15 14:00 . 2012-02-11 05:43        492032        ----a-w-        c:\windows\SysWow64\win32spl.dll
2012-08-15 14:00 . 2012-05-05 08:36        503808        ----a-w-        c:\windows\system32\srcore.dll
2012-08-15 14:00 . 2012-05-05 07:46        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2012-08-15 14:00 . 2012-07-04 22:16        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-08-15 14:00 . 2012-07-04 22:13        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-08-15 14:00 . 2012-07-04 22:13        136704        ----a-w-        c:\windows\system32\browser.dll
2012-08-15 14:00 . 2012-07-04 21:14        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
2012-08-15 14:00 . 2012-07-18 18:15        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-08-15 14:00 . 2012-05-14 05:26        956928        ----a-w-        c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 19:29 . 2012-02-25 00:30        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-09-06 19:29 . 2011-03-05 16:55        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-09-06 19:27 . 2011-03-05 16:55        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-08-24 20:47 . 2012-04-04 07:59        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-24 20:47 . 2011-05-13 13:20        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 16:18 . 2010-01-29 22:14        62134624        ----a-w-        c:\windows\system32\MRT.exe
2012-07-19 01:31 . 2012-06-25 18:14        477168        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-19 01:31 . 2010-12-04 14:11        473072        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2011-10-20 21:34        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-09 05:43 . 2012-07-11 19:27        14172672        ----a-w-        c:\windows\system32\shell32.dll
2009-08-20 14:29 . 2009-08-20 14:29        9818624        ----a-w-        c:\program files\openofficeorg31.msi
2009-03-26 10:36 . 2009-03-26 10:36        451928        ----a-w-        c:\program files\setup.exe
2002-03-11 09:06 . 2002-03-11 09:06        1822520        ----a-w-        c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45        1708856        ----a-w-        c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 250568]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 460864]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 49728]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2009-11-19 12800]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-13 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-11 834544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 69152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2009-11-19 20992]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2009-11-15 50688]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2009-11-15 948224]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2009-11-15 690688]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-16 17152]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2009-05-14 5435904]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 37723981
*Deregistered* - 37723981
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:47]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 15:12]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-26 15:12]
.
2012-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-08-25 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-25 171520]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3B326610-3CDF-4B5F-8C10-A6F61629A41A}: NameServer = 134.93.8.13 134.93.8.159
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\npilqiao.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-vShare.tv plugin - c:\program files (x86)\vShare.tv plugin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4038644099-852104679-3176737836-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-07  00:19:02
ComboFix-quarantined-files.txt  2012-09-06 22:18
.
Vor Suchlauf: 14 Verzeichnis(se), 108.501.823.488 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 108.122.013.696 Bytes frei
.
- - End Of File - - CF303D3FCB487A785FBCD85A7BA86952

Gruß
Jan

cosinus 07.09.2012 11:02
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

massalode 07.09.2012 16:58
Hallo Cosinus,

hier die drei Logs:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-07 16:23:40
Windows 6.1.7601 Service Pack 1
Running: nm9f51cs.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x37 0xBA 0x95 0x72 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x30 0xA3 0x99 0xF2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD1 0xF8 0x2A 0x0A ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x37 0xBA 0x95 0x72 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x30 0xA3 0x99 0xF2 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD1 0xF8 0x2A 0x0A ...

---- EOF - GMER 1.0.15 ----
--- --- ---



OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:49:46 on 07.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"PCDoctorBackgroundMonitorTask-Delay.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\uaclauncher.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys  (File found, but it contains no detailed information)
"PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{1E208CE0-FB7451FF-06020200}_0) - "PC-Doctor, Inc." - c:\program files\dell support center\pcdsrvc_x64.pkms
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files (x86)\WinRAR\rarext.dll
{B41DB860-64E4-11D2-9906-E49FADC173CA} "WinRAR shell extension" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_34" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_34.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"Dell DataSafe Online" - ? - "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
"Dell Webcam Central" - "Creative Technology Ltd" - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"Desktop Disc Tool" - ? - "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
"OpwareSE4" - "Nuance Communications, Inc." - "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"ShrewSoft DNS Proxy Daemon" (dtpd) - ? - C:\Program Files\ShrewSoft\VPN Client\dtpd.exe  (File found, but it contains no detailed information)
"ShrewSoft IKE Daemon" (iked) - ? - C:\Program Files\ShrewSoft\VPN Client\iked.exe  (File found, but it contains no detailed information)
"ShrewSoft IPSEC Daemon" (ipsecd) - ? - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe  (File found, but it contains no detailed information)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"SoftThinks Agent Service" (SftService) - "SoftThinks" - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---



aswMBR:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 16:57:28
-----------------------------
16:57:28.252    OS Version: Windows x64 6.1.7601 Service Pack 1
16:57:28.253    Number of processors: 2 586 0x170A
16:57:28.253    ComputerName: JEAN-LUC  UserName: Jan
16:57:29.731    Initialize success
16:59:34.313    AVAST engine defs: 12090700
16:59:55.293    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:59:55.298    Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
16:59:55.303    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:59:55.303    Disk 1 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
16:59:55.323    Disk 0 MBR read successfully
16:59:55.328    Disk 0 MBR scan
16:59:55.338    Disk 0 unknown MBR code
16:59:55.348    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      39 MB offset 63
16:59:55.413    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
16:59:55.438    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      461899 MB offset 30801920
16:59:55.503    Disk 0 scanning C:\Windows\system32\drivers
17:00:12.588    Service scanning
17:01:08.918    Modules scanning
17:01:09.278    Disk 0 trace - called modules:
17:01:09.333    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:01:09.348    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057bb530]
17:01:09.358    3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004add050]
17:01:10.853    AVAST engine scan C:\Windows
17:01:15.453    AVAST engine scan C:\Windows\system32
17:07:29.828    AVAST engine scan C:\Windows\system32\drivers
17:07:50.633    AVAST engine scan C:\Users\Jan
17:28:33.690    AVAST engine scan C:\ProgramData
17:37:14.979    Scan finished successfully
17:47:59.894    Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
17:47:59.899    The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"
Gruß
Jan

cosinus 10.09.2012 13:41
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

massalode 11.09.2012 15:33
Hallo Cosinus,

hier die beiden Logs:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.10.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JEAN-LUC [Administrator]

11.09.2012 00:34:28
mbam-log-2012-09-11 (00-34-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 531937
Laufzeit: 2 Stunde(n), 31 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/11/2012 at 04:30 PM

Application Version : 5.5.1016

Core Rules Database Version : 9203
Trace Rules Database Version: 7015

Scan type      : Complete Scan
Total Scan Time : 01:30:37

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 827
Memory threats detected  : 0
Registry items scanned    : 66608
Registry threats detected : 0
File items scanned        : 65657
File threats detected    : 238

Adware.Tracking Cookie
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\PLZ70IKV.txt [ /tracking.quisma.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\9L0HR2L0.txt [ /amazon-adsystem.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\06OSXY0J.txt [ /ads.creative-serving.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\Q77OY1NY.txt [ /ad.ad-srv.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\L5LRPJU3.txt [ /ad.zanox.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\7S2WDVHT.txt [ /lucidmedia.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\9ZNUXAID.txt [ /atdmt.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\PJ9UQAXM.txt [ /www.zanox-affiliate.de ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\FFV18TEV.txt [ /apmebf.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\3GPN5JAH.txt [ /ad4.adfarm1.adition.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\0PSZLO72.txt [ /olympiaverlag.122.2o7.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\3FV1GRL1.txt [ /ad.123-template.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\3SHPBP3T.txt [ /advertising.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\6EH3PTXK.txt [ /adform.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\DO3L3J3E.txt [ /imrworldwide.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\7F27QB1E.txt [ /adviva.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\IHMKHKH2.txt [ /ru4.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\HWEMRK58.txt [ /zanox-affiliate.de ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\5VLCXGU1.txt [ /track.adform.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\VY64HEHE.txt [ /tomtailor.dyntracker.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\C5UUENNA.txt [ /adfarm1.adition.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\ECKF30JC.txt [ /bs.serving-sys.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\32903Y4O.txt [ /traffictrack.de ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\1EIQXQTR.txt [ /tradedoubler.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\SSNLJB3C.txt [ /smartadserver.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\B6DX4DHZ.txt [ /ad.360yield.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\JXH0ZGSV.txt [ /ad.yieldmanager.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\RX3RL4PJ.txt [ /c.atdmt.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\E8P0QF9O.txt [ /serving-sys.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\GEZR9XHV.txt [ /specificclick.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\DFY32HTQ.txt [ /statse.webtrendslive.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\09GXF2US.txt [ /tracking.mindshare.de ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\FJTL1930.txt [ /ad1.adfarm1.adition.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\WCRMBKEB.txt [ /fastclick.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\FYI5JQAA.txt [ /ad3.adfarm1.adition.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\VM3P643Q.txt [ /invitemedia.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\MPHTUFYW.txt [ /mediaplex.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\855IFJMM.txt [ /ad.dyntracker.de ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\Y2VTX84V.txt [ /webmasterplan.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\T826HK2X.txt [ /revsci.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\2CA1PLMN.txt [ /yieldmanager.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\EE3Y4J5D.txt [ /doubleclick.net ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\2XE5803S.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\UJC52JDR.txt [ /im.banner.t-online.de ]
        C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Cookies\1P1YMR4O.txt [ /zanox.com ]
        C:\USERS\JAN\Cookies\PLZ70IKV.txt [ Cookie:jan@tracking.quisma.com/ ]
        C:\USERS\JAN\Cookies\9L0HR2L0.txt [ Cookie:jan@amazon-adsystem.com/ ]
        C:\USERS\JAN\Cookies\9ZNUXAID.txt [ Cookie:jan@atdmt.com/ ]
        C:\USERS\JAN\Cookies\FFV18TEV.txt [ Cookie:jan@apmebf.com/ ]
        C:\USERS\JAN\Cookies\0PSZLO72.txt [ Cookie:jan@olympiaverlag.122.2o7.net/ ]
        C:\USERS\JAN\Cookies\3SHPBP3T.txt [ Cookie:jan@advertising.com/ ]
        C:\USERS\JAN\Cookies\6EH3PTXK.txt [ Cookie:jan@adform.net/ ]
        C:\USERS\JAN\Cookies\IHMKHKH2.txt [ Cookie:jan@ru4.com/ ]
        C:\USERS\JAN\Cookies\HWEMRK58.txt [ Cookie:jan@zanox-affiliate.de/ ]
        C:\USERS\JAN\Cookies\VY64HEHE.txt [ Cookie:jan@tomtailor.dyntracker.com/ ]
        C:\USERS\JAN\Cookies\C5UUENNA.txt [ Cookie:jan@adfarm1.adition.com/ ]
        C:\USERS\JAN\Cookies\32903Y4O.txt [ Cookie:jan@traffictrack.de/ ]
        C:\USERS\JAN\Cookies\1EIQXQTR.txt [ Cookie:jan@tradedoubler.com/ ]
        C:\USERS\JAN\Cookies\SSNLJB3C.txt [ Cookie:jan@smartadserver.com/ ]
        C:\USERS\JAN\Cookies\JXH0ZGSV.txt [ Cookie:jan@ad.yieldmanager.com/ ]
        C:\USERS\JAN\Cookies\RX3RL4PJ.txt [ Cookie:jan@c.atdmt.com/ ]
        C:\USERS\JAN\Cookies\E8P0QF9O.txt [ Cookie:jan@serving-sys.com/ ]
        C:\USERS\JAN\Cookies\GEZR9XHV.txt [ Cookie:jan@specificclick.net/ ]
        C:\USERS\JAN\Cookies\DFY32HTQ.txt [ Cookie:jan@statse.webtrendslive.com/ ]
        C:\USERS\JAN\Cookies\09GXF2US.txt [ Cookie:jan@tracking.mindshare.de/ ]
        C:\USERS\JAN\Cookies\FJTL1930.txt [ Cookie:jan@ad1.adfarm1.adition.com/ ]
        C:\USERS\JAN\Cookies\MPHTUFYW.txt [ Cookie:jan@mediaplex.com/ ]
        C:\USERS\JAN\Cookies\Y2VTX84V.txt [ Cookie:jan@webmasterplan.com/ ]
        C:\USERS\JAN\Cookies\EE3Y4J5D.txt [ Cookie:jan@doubleclick.net/ ]
        C:\USERS\JAN\Cookies\2XE5803S.txt [ Cookie:jan@ad2.adfarm1.adition.com/ ]
        C:\USERS\JAN\Cookies\UJC52JDR.txt [ Cookie:jan@im.banner.t-online.de/ ]
        C:\USERS\JAN\Cookies\1P1YMR4O.txt [ Cookie:jan@zanox.com/ ]
        banners.securedataimages.com [ D:\TOSHIBA\BENUTZERDATEN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXRQ4TB2 ]
        media.mtvnservices.com [ D:\TOSHIBA\BENUTZERDATEN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXRQ4TB2 ]
        media.scanscout.com [ D:\TOSHIBA\BENUTZERDATEN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AXRQ4TB2 ]
        .xiti.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .oms.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stat.pinkclusive.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.planespotters.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .sevenoneintermedia.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .mtvn.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        dfb.stats.yum.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stat.onestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stat.onestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        tracking.sim-technik.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        ox-d.coedmediagroup.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .histats.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .hearst.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .cbsdigitalmedia.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.townnews.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .journalregistercompany.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.townnews.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.townnews.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.townnews.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .clickaider.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        www.elitepvpers.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        www.elitepvpers.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        www.elitepvpers.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .elitepvpers.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .daimlerag.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .dmtracker.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .timeinc.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stat.onestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .bravenet.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .bravenet.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .amazonservices.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        spenden.wikimedia.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .moviepilot.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .tripod.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .tripod.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .svzstudivz.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        pluckit.demandmedia.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .bf3stats.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .conrad.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .4fuckr.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .4fuckr.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        tracking.statravel.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        tracking.tennisnet.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        servestats.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        mediathek.daserste.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        mediathek.daserste.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        s07.flagcounter.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .liveperson.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .twittercounter.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .twittercounter.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .komtrack.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .siemens.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        ox-d.mediadakine.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        wstat.wibiya.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .statsverse.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .statsverse.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .statsverse.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        bfbc2.statsverse.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .microsoftsto.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .ehg-newscientist.hitbox.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .ehg-newscientist.hitbox.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .hitbox.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        wysistat.cie.etat.lu [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        wysistat.cie.etat.lu [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        livestat.derstandard.at [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .eset.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        sitestats.ets.org [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .sussex.ac.uk [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .sussex.ac.uk [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.comunio.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .stats.comunio.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .stats.comunio.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.comunio.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        edates.traffective-tracking.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        swrmediathek.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .eaeacom.112.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        www.der-schaumstoffdiscounter.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .server.cpmstar.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .guj.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        traffic.brand-wall.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .olympiaverlag.122.2o7.net [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        stats.computecmedia.de [ C:\USERS\JAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPILQIAO.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UL16NTPG.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UL16NTPG.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UL16NTPG.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UL16NTPG.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UL16NTPG.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UL16NTPG.DEFAULT\COOKIES.SQLITE ]
        tracking.mlsat02.de [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UL16NTPG.DEFAULT\COOKIES.SQLITE ]
Gruß
Jan

cosinus 11.09.2012 21:19
Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

massalode 12.09.2012 00:21
Hallo Cosinus,

sonst scheint alles in Ordnung zu sein, also keine Probleme und auch keine Funde.

Zu den Cookies: Verstehe ich das richtig, dass ich im Prinzip nur diese HOST-Liste regelmäßig updaten muss, wie es auf dieser Seite beschrieben ist und dann werden potentiell schädliche Cookies browserunabhängig anhand dieser Liste blockiert? Es erscheint mir nämlich relativ sinnvoll, solche Cookies nach Möglichkeit gar nicht erst zu akzeptieren ;)

Gruß
Jan

cosinus 12.09.2012 00:34
Ja, ab und zu sollte man da schonmal nach Updates reinschauen
Wegen der Cookies kann man das aber dank des CookieCullers schon fast vernachlässigen, denn erst werden damit ja alle nicht geschützten Cookies gelöscht (die Cookies musst du aber selber auf protected setzen und auch die Einstellung so machen, dass der CookieCuller unprotected Cookies löscht, Firefox selber MUSS alle Cookies annehmen und behalten, Einstellung dann rein über die Erweiterung CookieCuller)

Mit der Hostsfile kommt dein Browser garnicht erst an diese Cookies aber du siehst den größen shice an Werbung auch schon mal nicht ;)

massalode 12.09.2012 01:20
Hallo Cosinus,

alles klar, dann weiß ich Bescheid. Dann werde ich einfach von Zeit zu Zeit die HOST-Liste aktualisieren und sonst einfach alle Cookies immer am Ende der Sitzung löschen. Falls mir dadurch ein nicht hinnehmbarer Nachteil entsteht setze ich die entsprechenden Cookies mit dem CookieCuller auf die Whitelist ;)

Dann möchte ich mich zu guter Letzt natürlich auch noch recht herzlich für Deine Hilfe bedanken! :dankeschoen:

Gruß
Jan


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:21 Uhr.
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132