Trojaner-Board

Encryption trojan (BKA) on my Windows 7 PC (https://www.trojaner-board.de/118464-verschluesselungstrojaner-bka-meinem-windows-7-pc.html)

cosinus 10.07.2012 14:07

No, don't delete anything!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [English Windows wording: Illegal operation attempted on a registry key that has been marked for deletion.]
then restart Windows manually, and the error messages should no longer appear.

Filib1990 10.07.2012 19:48

Here is the Combo Fix log :)
Code:

ComboFix 12-07-10.01 - Filib 10.07.2012  20:37:34.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4007.2504 [GMT 2:00]
ausgeführt von:: c:\users\Filib\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120627215756.109999
c:\programdata\Roaming
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-10 bis 2012-07-10  ))))))))))))))))))))))))))))))
.
.
2012-07-10 18:41 . 2012-07-10 18:41        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-07-10 18:41 . 2012-07-10 18:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-10 10:21 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E608237-B9CE-4FB5-829B-1051087331F7}\mpengine.dll
2012-07-08 15:38 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-07 11:24 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2012-07-07 11:23 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-07-07 11:23 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-07-07 07:43 . 2012-07-07 07:43        --------        d-----w-        c:\program files\7-Zip
2012-07-06 13:00 . 2012-07-10 10:12        --------        d-----w-        c:\program files (x86)\Steam
2012-07-06 11:45 . 2012-07-09 18:23        --------        d-----w-        C:\_OTL
2012-07-05 23:45 . 2012-07-06 22:02        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-07-05 21:37 . 2012-07-05 21:36        544008        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-07-05 21:36 . 2012-07-05 21:36        --------        d-----w-        c:\program files\Java
2012-07-05 21:36 . 2012-07-05 21:35        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 14:32 . 2012-07-05 14:32        --------        d-----w-        c:\program files (x86)\ESET
2012-07-04 11:17 . 2012-07-04 11:17        --------        d-----w-        c:\users\Filib\AppData\Local\Secunia PSI
2012-07-04 11:17 . 2012-07-04 11:17        --------        d-----w-        c:\program files (x86)\Secunia
2012-07-04 11:11 . 2012-07-04 11:11        --------        d-----w-        c:\windows\Sun
2012-07-04 09:56 . 2012-07-04 09:56        --------        d-----w-        c:\users\Filib\AppData\Roaming\Avira
2012-07-04 09:54 . 2012-05-04 11:11        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACE6FAE1-3680-42FE-9952-654DCC2295AA}\gapaengine.dll
2012-07-04 09:51 . 2012-05-02 13:24        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-07-04 09:51 . 2012-04-27 08:20        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-07-04 09:51 . 2012-04-24 22:32        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-07-04 09:50 . 2012-07-04 09:50        --------        d-----w-        c:\programdata\Avira
2012-07-04 09:50 . 2012-07-04 09:50        --------        d-----w-        c:\program files (x86)\Avira
2012-07-03 21:25 . 2012-07-03 21:25        --------        d-----w-        c:\program files\CCleaner
2012-07-03 21:14 . 2012-05-18 02:51        754808        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2012-07-03 21:13 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-07-03 21:13 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-07-03 21:13 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-07-03 21:13 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll
2012-07-03 21:13 . 2012-05-04 11:06        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-07-03 21:13 . 2012-05-04 10:03        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-07-03 21:13 . 2012-05-04 10:03        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-07-03 21:13 . 2012-04-24 05:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-07-03 21:13 . 2012-04-24 05:37        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-07-03 21:13 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-07-03 21:13 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-07-03 21:13 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-07-03 21:13 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-07-03 21:12 . 2012-05-15 01:32        3146752        ----a-w-        c:\windows\system32\win32k.sys
2012-07-03 21:12 . 2012-04-07 12:31        3216384        ----a-w-        c:\windows\system32\msi.dll
2012-07-03 21:12 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\SysWow64\msi.dll
2012-07-03 21:12 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:41 . 2012-07-03 20:41        --------        d-----w-        c:\users\Filib\AppData\Roaming\Malwarebytes
2012-07-03 20:41 . 2012-07-03 20:41        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-03 20:41 . 2012-07-03 20:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-03 20:41 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-27 14:48 . 2012-06-27 14:48        --------        d-----w-        c:\program files (x86)\ElastoMania111
2012-06-27 14:39 . 2012-06-27 14:40        --------        d-----w-        c:\users\Filib\AppData\Local\Microsoft Games
2012-06-21 07:59 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 07:59 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 07:59 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 07:59 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 07:59 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 07:59 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 07:59 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 07:59 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 07:59 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-15 20:02 . 2012-06-15 20:02        --------        d-----w-        c:\users\Filib\AppData\Local\Macromedia
2012-06-12 23:40 . 2012-05-04 11:11        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 21:37 . 2012-03-29 22:57        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 21:37 . 2012-01-20 14:32        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 21:36 . 2011-02-10 20:50        525576        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-05 21:35 . 2011-02-10 20:50        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-02-03 506712]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-04-14 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-04-14 228448]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-1-20 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe [2007-06-11 33712]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 257224]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-10-23 46592]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\drivers\fspad_xp64.sys [2010-11-08 68608]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-06 690208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-21 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-24 25960]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-07 159752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\DRIVERS\fspad_wlh64.sys [2010-11-08 68608]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:37]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:19]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Filib\AppData\Roaming\Mozilla\Firefox\Profiles\z1ehmlkz.default\
FF - prefs.js: browser.startup.homepage - www.orf.at
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-10  20:43:31
ComboFix-quarantined-files.txt  2012-07-10 18:43
.
Vor Suchlauf: 11 Verzeichnis(se), 515.870.646.272 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 517.058.961.408 Bytes frei
.
- - End Of File - - 875644D389A4F164FE30CACEE2D80035


cosinus 10.07.2012 22:19

Code:

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

I'm only noticing that now :headbang:

Are you trying to bring your system to its knees? You never install two virus scanners like these in parallel! Uninstall one of the two!

At most, Malwarebytes can be used alongside an installed virus scanner, but with Malwarebytes I would use the plain free version without the background protection module.
(The other scanners I use here for cleanup/analysis don't get in the way of the others either.)
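
Added example, not part of the original thread: a short Python check for the situation pointed out in the post above, two antivirus products registered side by side in the ComboFix header. The function names are made up for this illustration, the sample is the header of the log posted earlier, and only the `AV:`/`SP:` line layout seen in that log is assumed.

```python
import re

# Header lines copied from the ComboFix log posted in this thread.
SAMPLE_HEADER = """\
ComboFix 12-07-10.01 - Filib 10.07.2012  20:37:34.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4007.2504 [GMT 2:00]
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
"""

# Layout assumed from the log above:
#   <category>: <product name> *<state>/<signature status>* {<GUID>}
ENTRY_RE = re.compile(
    r"^(?P<category>AV|SP):\s+(?P<product>.+?)\s+"
    r"\*(?P<state>[A-Za-z]+)/(?P<signatures>[A-Za-z]+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$"
)


def parse_security_center(log_text):
    """Return one dict per AV:/SP: header line; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def registered_products(entries, category):
    """Distinct product names of one category, in the order they appear."""
    names = []
    for entry in entries:
        if entry["category"] == category and entry["product"] not in names:
            names.append(entry["product"])
    return names


def review_antivirus(log_text):
    """Summarise the AV: lines of a ComboFix header.

    The check counts registrations, not state: a guard that was switched
    off before the ComboFix run shows up as Disabled but is still installed
    next to the other product.
    """
    entries = parse_security_center(log_text)
    av_products = registered_products(entries, "AV")
    av_enabled = [
        e["product"]
        for e in entries
        if e["category"] == "AV" and e["state"].lower() == "enabled"
    ]
    return {
        "av_products": av_products,
        "parallel_av": len(av_products) > 1,
        "av_enabled": av_enabled,
    }


if __name__ == "__main__":
    report = review_antivirus(SAMPLE_HEADER)
    print("Registered AV products:", ", ".join(report["av_products"]))
    if report["parallel_av"]:
        print("More than one antivirus is installed; uninstall all but one.")
    if not report["av_enabled"]:
        print("No AV guard was active while the log was taken.")
```
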

Filib1990 11.07.2012 11:01

Hehe, yep, I know. I have disabled MSE real-time protection for now and was going to uninstall it anyway. After the trojan I have now decided on AVIRA, since I also found better feedback for this virus scanner here in the forum.
I will likewise not use Malwarebytes as real-time protection, only as a scanner!
Regards

cosinus 11.07.2012 12:56

Please uninstall it now, or have you already done so?

Filib1990 12.07.2012 15:44

It's already uninstalled! :)

cosinus 12.07.2012 18:19

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

Filib1990 12.07.2012 22:48

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-12 23:39:46
Windows 6.1.7601 Service Pack 1
Running: 0z9jxgpk.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97102ab6a                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97102ab6a (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:53:43 on 12.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%RTL8192su.DeviceDesc.DispName%" (RTL8192su) - "Realtek Semiconductor Corporation                          " - C:\Windows\System32\DRIVERS\RTL8192su.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PEGAGFN" (PEGAGFN) - "PEGATRON" - C:\Program Files (x86)\PHotkey\PEGAGFN.sys
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"wsvd" (wsvd) - "CyberLink" - C:\Windows\System32\DRIVERS\wsvd.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay.at" - ? - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
"eBay.at" - ? - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4  (HTTP value)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Filib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"watchmi tray.lnk" - ? - C:\Program Files (x86)\watchmi\TvdTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"Dolby Advanced Audio v2" - "Dolby Laboratories Inc." - "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"YouCam Mirage" - "CyberLink" - "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"YouCam Tray" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@C:\Windows\system32\CxAudMsg64.exe,-100" (CxAudMsg) - "Conexant Systems Inc." - C:\Windows\system32\CxAudMsg64.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"GFNEX Service" (GFNEXSrv) - ? - C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"watchmi service" (watchmi) - ? - C:\Program Files (x86)\watchmi\TvdService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 23:58:12
-----------------------------
23:58:12.617    OS Version: Windows x64 6.1.7601 Service Pack 1
23:58:12.617    Number of processors: 4 586 0x2A07
23:58:12.618    ComputerName: FILIB-PC  UserName: Filib
23:58:14.786    Initialize success
23:59:45.854    AVAST engine defs: 12071201
00:00:18.291    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:00:18.295    Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
00:00:18.313    Disk 0 MBR read successfully
00:00:18.319    Disk 0 MBR scan
00:00:18.329    Disk 0 unknown MBR code
00:00:18.343    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:00:18.366    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      568394 MB offset 206848
00:00:18.393    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        40960 MB offset 1164277760
00:00:18.418    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 1248163840
00:00:18.462    Disk 0 scanning C:\Windows\system32\drivers
00:00:29.752    Service scanning
00:01:03.446    Modules scanning
00:01:03.465    Disk 0 trace - called modules:
00:01:03.513    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:01:03.519    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006685060]
00:01:03.526    3 CLASSPNP.SYS[fffff88001b7443f] -> nt!IofCallDriver -> [0xfffffa8003c986e0]
00:01:03.532    5 ACPI.sys[fffff88000f5c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004770050]
00:01:05.911    AVAST engine scan C:\Windows
00:01:10.103    AVAST engine scan C:\Windows\system32
00:04:54.218    AVAST engine scan C:\Windows\system32\drivers
00:05:08.727    AVAST engine scan C:\Users\Filib
00:07:41.159    AVAST engine scan C:\ProgramData
00:08:33.545    Scan finished successfully
00:09:56.526    Disk 0 MBR has been saved successfully to "C:\Users\Filib\Desktop\MBR.dat"
00:09:56.542    The log file has been saved successfully to "C:\Users\Filib\Desktop\aswMBR.txt"

Thanks and best regards

cosinus 13.07.2012 14:11

We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After the data backup, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

Filib1990 15.07.2012 10:38

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-14 15:52:50
-----------------------------
15:52:50.283    OS Version: Windows x64 6.1.7601 Service Pack 1
15:52:50.283    Number of processors: 4 586 0x2A07
15:52:50.283    ComputerName: FILIB-PC  UserName: Filib
15:52:58.926    Initialize success
15:53:05.135    AVAST engine defs: 12071401
15:53:43.183    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:53:43.183    Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
15:53:43.292    Disk 0 MBR read successfully
15:53:43.292    Disk 0 MBR scan
15:53:43.292    Disk 0 Windows 7 default MBR code
15:53:43.308    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:53:43.323    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      568394 MB offset 206848
15:53:43.370    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        40960 MB offset 1164277760
15:53:43.433    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 1248163840
15:53:43.495    Disk 0 scanning C:\Windows\system32\drivers
15:54:06.333    Service scanning
15:55:13.164    Modules scanning
15:55:13.164    Disk 0 trace - called modules:
15:55:13.663    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:55:13.679    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006683060]
15:55:13.679    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004b46800]
15:55:13.679    5 ACPI.sys[fffff88000f4c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800542c050]
15:55:21.120    AVAST engine scan C:\Windows
15:55:37.516    AVAST engine scan C:\Windows\system32
15:59:15.011    AVAST engine scan C:\Windows\system32\drivers
15:59:30.939    AVAST engine scan C:\Users\Filib
16:01:45.692    AVAST engine scan C:\ProgramData
16:02:34.302    Scan finished successfully
16:38:27.355    Disk 0 MBR has been saved successfully to "C:\Users\Filib\Desktop\MBR.dat"
16:38:27.636    The log file has been saved successfully to "C:\Users\Filib\Desktop\aswMBR.txt"

Here is the new log. Just to say right away: I'm on vacation for two weeks starting tomorrow, so don't think I've given up on this thread, I just have no way of getting online during that time ;)
Regards
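The before/after comparison that the two aswMBR logs in this thread allow, as an added example (not part of the thread and not a feature of aswMBR): a Python script that parses both runs and checks that FIXMBR changed the boot-code verdict while the partition table and the disk driver chain stayed the same. The log excerpts are copied from the posts above; the function names, and the rule that any verdict without the word "unknown" counts as recognised, are assumptions of this example.

```python
import re

# Excerpts copied from the two aswMBR logs posted in this thread.
LOG_BEFORE = """\
Run date: 2012-07-12 23:58:12
00:00:18.313    Disk 0 MBR read successfully
00:00:18.319    Disk 0 MBR scan
00:00:18.329    Disk 0 unknown MBR code
00:00:18.343    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:00:18.366    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      568394 MB offset 206848
00:00:18.393    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        40960 MB offset 1164277760
00:00:18.418    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 1248163840
00:01:03.465    Disk 0 trace - called modules:
00:01:03.513    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
"""

LOG_AFTER = """\
Run date: 2012-07-14 15:52:50
15:53:43.292    Disk 0 MBR read successfully
15:53:43.292    Disk 0 MBR scan
15:53:43.292    Disk 0 Windows 7 default MBR code
15:53:43.308    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:53:43.323    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      568394 MB offset 206848
15:53:43.370    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        40960 MB offset 1164277760
15:53:43.433    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 1248163840
15:55:13.164    Disk 0 trace - called modules:
15:55:13.663    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
"""

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+")
VERDICT = re.compile(r"^Disk (\d+) (.+ MBR code)$")
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))?\s+"
    r"([0-9A-Fa-f]{2})\s+.*?(\d+) MB offset (\d+)$"
)


def parse_aswmbr(text):
    """Extract run date, MBR verdict, partition entries and the module chain."""
    result = {"run_date": None, "verdict": {}, "partitions": [], "modules": []}
    expect_modules = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Run date:"):
            result["run_date"] = line.split(":", 1)[1].strip()
            continue
        if not TIMESTAMP.match(line):
            continue  # banner, separator or blank line
        msg = TIMESTAMP.sub("", line, count=1)
        if expect_modules:
            # The line after "trace - called modules:" lists the driver chain.
            result["modules"] = msg.split()
            expect_modules = False
            continue
        if msg.endswith("trace - called modules:"):
            expect_modules = True
            continue
        m = VERDICT.match(msg)
        if m:
            result["verdict"][int(m.group(1))] = m.group(2)
            continue
        m = PARTITION.match(msg)
        if m:
            disk, index, flag, ptype, size_mb, offset = m.groups()
            result["partitions"].append(
                (int(disk), int(index), flag == "80", ptype.upper(),
                 int(size_mb), int(offset))
            )
    return result


def compare_runs(before, after, disk=0):
    """Summarise what changed between two parsed runs for one disk."""
    verdict_after = after["verdict"].get(disk)
    return {
        "verdict_before": before["verdict"].get(disk),
        "verdict_after": verdict_after,
        # Assumption: only the two verdict strings seen in this thread are known,
        # so anything that does not say "unknown" is treated as recognised.
        "boot_code_recognised": verdict_after is not None
        and "unknown" not in verdict_after.lower(),
        "partition_table_unchanged": before["partitions"] == after["partitions"],
        "new_modules": [m for m in after["modules"] if m not in before["modules"]],
    }


if __name__ == "__main__":
    report = compare_runs(parse_aswmbr(LOG_BEFORE), parse_aswmbr(LOG_AFTER))
    for key, value in report.items():
        print(f"{key}: {value}")
```
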

cosinus 15.07.2012 17:03

OK, have a nice vacation then. When you are back in 2 weeks, there is still this to do:

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Filib1990 26.07.2012 09:28

Hi Arne, I'm back from vacation. Here is the log for Malwarebytes; the other one follows right away, I'm starting it now! ;)

Code:



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Filib :: FILIB-PC [Administrator]

25.07.2012 23:54:40
mbam-log-2012-07-25 (23-54-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324370
Laufzeit: 50 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Wow, that took a long time, and (stupidly, I didn't delete the cookies before the scan) it found 10000 cookies. Here is the log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/26/2012 at 11:49 AM

Application Version : 5.5.1012

Core Rules Database Version : 8959
Trace Rules Database Version: 6771

Scan type      : Complete Scan
Total Scan Time : 01:17:04

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 673
Memory threats detected  : 0
Registry items scanned    : 69581
Registry threats detected : 0
File items scanned        : 139460
File threats detected    : 189

Adware.Tracking Cookie
        .webmasterplan.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        m1.webstats.motigo.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .accounts.google.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        accounts.youtube.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .a.revenuemax.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        track.adform.net [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .tracker.vinsight.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        adfarm1.adition.com [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FILIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z1EHMLKZ.DEFAULT\COOKIES.SQLITE ]

Best regards, Filib

cosinus 26.07.2012 15:22

Quote:

UAC On - Limited User
How did you start SASW? Just by double-clicking?

Filib1990 26.07.2012 19:06

No, right-click and as admin. But I then cancelled it and started again, maybe that was the problem. I'll do it again right away! :)

I hope this log now meets expectations ;). I used right-click and "Run as administrator"; however, an icon then first opens in the taskbar, and I run the scan through that. I hope that's OK! :)
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/27/2012 at 00:51 AM

Application Version : 5.5.1012

Core Rules Database Version : 8959
Trace Rules Database Version: 6771

Scan type      : Complete Scan
Total Scan Time : 04:43:21

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 711
Memory threats detected  : 0
Registry items scanned    : 69718
Registry threats detected : 0
File items scanned        : 140373
File threats detected    : 32

Adware.Tracking Cookie


Filib1990 02.08.2012 13:13

Hey, is there anything else I need to watch out for or should still do now?
Best regards

