Trojaner-Board

Suspicious.Cloud.7.EP (https://www.trojaner-board.de/112217-suspicious-cloud-7-ep.html)

cosinus 29.03.2012 20:08

So somehow that didn't work. Let's do it with OTL.

Do an OTL fix: close all programs that may be open, also deactivate your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL):


Code:

:reg
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=-
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LWA"=-
"LWB"=-
"LWC"=-
"LWD"=-
"LWE"=-
"LWF"=-
"LWG"=-
"LWH"=-
"LWI"=-
"LWJ"=-
"LWK"=-
"LWL"=-
"LWM"=-
"LWN"=-
"LWO"=-
"LWP"=-
"LWQ"=-
"LWR"=-
"LWS"=-
"LWT"=-
"LWU"=-
"LWV"=-
"LWW"=-
"LWX"=-
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

aloabi 29.03.2012 20:17

OK, I'm done, here is the log:
Code:

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableClock deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWA deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWB deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWC deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWD deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWE deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWF deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWG deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWH deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWI deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWJ deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWK deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWL deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWM deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWN deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWO deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWP deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWQ deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWR deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWS deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWT deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWU deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWV deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWW deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\\LWX deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gerhard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gerrit
->Temp folder emptied: 2398 bytes
->Temporary Internet Files folder emptied: 34552 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 327602474 bytes
->Flash cache emptied: 1311 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 313,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Gerhard
 
User: Gerrit
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03292012_211340

Files\Folders moved on Reboot...
C:\Users\Gerrit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


The Task Manager is still disabled; my father could have done that ... My father has now also tried to disable the Task Manager, so far without success.

cosinus 29.03.2012 21:11

Please download aswMBR.exe and save the file on your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

aloabi 30.03.2012 12:48

it's OK if I do a quick scan

Big problem:
it always crashes after 4 minutes

I have already reinstalled it 3 times

cosinus 30.03.2012 15:27

Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

aloabi 30.03.2012 15:43

Yeah, it worked:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 16:39:05
-----------------------------
16:39:05.200    OS Version: Windows x64 6.1.7601 Service Pack 1
16:39:05.200    Number of processors: 3 586 0x502
16:39:05.202    ComputerName: GERRIT-PC  UserName: Gerrit
16:39:16.077    Initialize success
16:39:20.754    AVAST engine defs: 12033000
16:39:38.320    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
16:39:38.322    Disk 0 Vendor: ST1500DL CC45 Size: 1430799MB BusType: 3
16:39:38.386    Disk 0 MBR read successfully
16:39:38.388    Disk 0 MBR scan
16:39:38.391    Disk 0 unknown MBR code
16:39:38.403    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:39:38.415    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463328 MB offset 206848
16:39:38.450    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13510 MB offset 949102592
16:39:38.454    Disk 0 Partition - 00    0F Extended LBA            953859 MB offset 976771072
16:39:38.494    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      953858 MB offset 976773120
16:39:38.598    Disk 0 scanning C:\Windows\system32\drivers
16:40:10.927    Service scanning
16:40:41.880    Modules scanning
16:40:41.908    Disk 0 trace - called modules:
16:40:41.945    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
16:40:41.951    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f2060]
16:40:41.957    3 CLASSPNP.SYS[fffff88001b7643f] -> nt!IofCallDriver -> [0xfffffa8004053e40]
16:40:41.963    5 ACPI.sys[fffff88000f7f7a1] -> nt!IofCallDriver -> \Device\00000063[0xfffffa800425f290]
16:40:41.970    Scan finished successfully
16:41:55.957    Disk 0 MBR has been saved successfully to "C:\Users\Gerrit\Desktop\Virenprogramme\Logs alt und neu\neue Logs\MBR.dat"
16:41:55.962    The log file has been saved successfully to "C:\Users\Gerrit\Desktop\Virenprogramme\Logs alt und neu\neue Logs\aswMBR.txt"

Do I have a rootkit on my computer????

cosinus 30.03.2012 15:46

Quote:

16:39:38.391 Disk 0 unknown MBR code
We should fix the MBR; just in case, back up ALL important data, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also don't do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.
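
An added example, not part of the original thread: a Python sketch that parses a 512-byte MBR sector and compares two dumps, so that a change in the bootstrap code can be told apart from a change in the partition table. It assumes that a dump such as the MBR.dat saved by aswMBR is a raw copy of sector 0; the sample sectors are constructed from the partition layout in the log above with filler bytes in place of real boot code, and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0-439: bootstrap code
TABLE_OFFSET = 446       # bytes 446-509: four 16-byte partition entries
ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA start, sector count
ENTRY_LEN = struct.calcsize(ENTRY_FMT)  # 16 bytes


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, disk signature and partition table."""
    if len(sector) < SECTOR:
        raise ValueError("an MBR dump must contain at least 512 bytes")
    sector = sector[:SECTOR]
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + index * ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype == 0x00:  # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {index + 1}: invalid status byte 0x{status:02X}")
        partitions.append({
            "entry": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "size_mb": sectors * SECTOR // 2**20,
        })
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
        "findings": findings,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which of the three MBR regions differ between two dumps."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
        "partition_table_changed": a["partitions"] != b["partitions"],
    }


def build_sample_mbr(boot_fill: int) -> bytes:
    """Constructed sample: the four table entries from the log, filler as boot code."""
    layout = [  # (status, type, LBA start, sector count)
        (0x80, 0x07, 2048, 204800),             # 100 MB, active
        (0x00, 0x07, 206848, 948895744),        # 463328 MB
        (0x00, 0x07, 949102592, 27668480),      # 13510 MB
        (0x00, 0x0F, 976771072, 1953503232),    # extended, 953859 MB
    ]
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_LEN] = bytes([boot_fill]) * BOOT_CODE_LEN
    struct.pack_into("<I", sector, 440, 0x12345678)  # constructed disk signature
    for index, entry in enumerate(layout):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + index * ENTRY_LEN, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    before = build_sample_mbr(0x90)  # stands in for the dump taken before the fix
    after = build_sample_mbr(0xEB)   # stands in for the dump taken after the fix
    for part in parse_mbr(after)["partitions"]:
        print(part)
    print(compare_mbr(before, after))
```
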

aloabi 30.03.2012 15:56

Is it normal that this fix only takes a few seconds???

OK, here are the logs:
Fixed log:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 16:52:14
-----------------------------
16:52:14.321    OS Version: Windows x64 6.1.7601 Service Pack 1
16:52:14.321    Number of processors: 3 586 0x502
16:52:14.322    ComputerName: GERRIT-PC  UserName: Gerrit
16:52:15.040    Initialize success
16:52:19.519    AVAST engine defs: 12033000
16:52:46.949    Verifying
16:52:56.974    Disk 0 Windows 601 MBR fixed successfully
16:53:18.344    Disk 0 MBR has been saved successfully to "C:\Users\Gerrit\Desktop\Virenprogramme\Logs alt und neu\neue Logs\MBR.dat"
16:53:18.344    The log file has been saved successfully to "C:\Users\Gerrit\Desktop\Virenprogramme\Logs alt und neu\neue Logs\aswMBR2.txt"

Normal log:
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 16:56:55
-----------------------------
16:56:55.188    OS Version: Windows x64 6.1.7601 Service Pack 1
16:56:55.188    Number of processors: 3 586 0x502
16:56:55.188    ComputerName: GERRIT-PC  UserName: Gerrit
16:57:04.579    Initialize success
16:57:11.787    AVAST engine defs: 12033000
16:57:15.047    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
16:57:15.047    Disk 0 Vendor: ST1500DL CC45 Size: 1430799MB BusType: 3
16:57:15.078    Disk 0 MBR read successfully
16:57:15.094    Disk 0 MBR scan
16:57:15.109    Disk 0 Windows 7 default MBR code
16:57:15.125    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:57:15.141    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463328 MB offset 206848
16:57:15.187    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13510 MB offset 949102592
16:57:15.187    Disk 0 Partition - 00    0F Extended LBA            953859 MB offset 976771072
16:57:15.234    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      953858 MB offset 976773120
16:57:15.281    Disk 0 scanning C:\Windows\system32\drivers
16:57:30.820    Service scanning
16:58:09.229    Modules scanning
16:58:09.245    Disk 0 trace - called modules:
16:58:09.261    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
16:58:09.276    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f2450]
16:58:09.276    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80043801d0]
16:58:09.276    5 ACPI.sys[fffff88000f697a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa80043806a0]
16:58:09.292    Scan finished successfully
16:58:19.557    Disk 0 MBR has been saved successfully to "C:\Users\Gerrit\Desktop\Virenprogramme\Logs alt und neu\neue Logs\MBR.dat"
16:58:19.557    The log file has been saved successfully to "C:\Users\Gerrit\Desktop\Virenprogramme\Logs alt und neu\neue Logs\aswMBR3.txt"


cosinus 30.03.2012 17:02

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

aloabi 30.03.2012 17:44

The Task Manager still doesn't work
I'm running a scan with Malwarebytes right now
Here is the Malwarebytes log already:
Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gerrit :: GERRIT-PC [Administrator]

Schutz: Deaktiviert

30.03.2012 18:15:12
mbam-log2

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 484623
Laufzeit: 1 Stunde(n), 5 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Was it OK that I only scanned C and not the factory image or the other hard disk, which I have nothing on?

Found the solution: it was my dad
The time lock (timeboss) was to blame; it disabled the Task Manager
One question: should I still do the scans???

cosinus 30.03.2012 21:17

Yes, the other one too please

aloabi 30.03.2012 21:54

Is it normal that this antispyware scan takes forever (50 min for approx. 70000 scanned files)

cosinus 30.03.2012 23:02

Yes, SASW can take a while

aloabi 31.03.2012 12:06

Antispyware log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/31/2012 at 12:49 PM

Application Version : 5.0.1146

Core Rules Database Version : 8402
Trace Rules Database Version: 6214

Scan type      : Quick Scan
Total Scan Time : 00:04:14

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 647
Memory threats detected  : 0
Registry items scanned    : 54415
Registry threats detected : 0
File items scanned        : 10693
File threats detected    : 79

Adware.Tracking Cookie


aloabi 01.04.2012 16:17

And now the full-scan antispyware log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/01/2012 at 04:53 PM

Application Version : 5.0.1146

Core Rules Database Version : 8402
Trace Rules Database Version: 6214

Scan type      : Complete Scan
Total Scan Time : 00:55:40

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 686
Memory threats detected  : 0
Registry items scanned    : 65991
Registry threats detected : 0
File items scanned        : 81202
File threats detected    : 152

Adware.Tracking Cookie
        .tracking.mindshare.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.dyntracker.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .bs.serving-sys.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .serving-sys.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        www.googleadservices.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .smartadserver.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .smartadserver.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .smartadserver.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        track.effiliation.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox-affiliate.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.dyntracker.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .im.banner.t-online.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tradedoubler.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .invitemedia.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.yieldmanager.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .realmedia.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .realmedia.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .interclick.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .realmedia.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .interclick.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .interclick.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        network.realmedia.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad1.adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        a.visualrevenue.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .ad.adnet.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad2.adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .im.banner.t-online.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .revsci.net [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad4.adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .im.banner.t-online.de [ C:\USERS\GERRIT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Hey, I also found something interesting from ComboFix:
Code:

2012-03-29 14:37:56 . 2012-03-29 17:22:48                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2012-03-28 15:10:18 . 2012-03-28 15:10:18            2,966 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-PunkBusterSvc.reg.dat
2012-03-28 15:10:18 . 2012-03-28 15:10:18              478 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-loadtbs-2.1.reg.dat
2012-03-28 15:10:18 . 2012-03-28 15:10:18              900 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-EasyBits Magic Desktop.reg.dat
2012-03-28 14:24:10 . 2012-03-29 17:28:35            6,000 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-03-28 13:31:50 . 2012-03-29 17:21:44              561 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-03-05 17:57:49 . 2012-03-05 19:54:29      86,405,736 ----a-w-  C:\Qoobox\Quarantine\C\Users\Gerrit\APB_Reloaded_Installer.exe.vir
2012-01-31 17:15:42 . 2012-01-31 17:15:42          172,032 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\muzapp.exe.vir

According to the log files everything is fine, isn't it?

