Universa Application?!

bobstertl · 02-24-2006, 05:29 AM

hello people!

HAs anybody heard of UNIVERSA APPLICATION?

well, i have it!

Yesterday evening,while surfing on the internet (some chinese Students web site) the Bitdefender firewall prompted me that an application (i think it also called it Universa), tries to connect to the internet. well, i believe it is the first time when i allowed an unknown by me application to connect...and Surprise! Some internet explorer Error occured plus some script error for Internet explorer (i use Mozilla firefox 1.5). These 2 errors were popping up around every minute, so, it was clear.

I thought it is something wrong about some infection, so i got to work.

Today,
First i denied the access to the internet for Universa Application.

Than i runned:

1: Bitdefender antivirus, last updated definisions on today, also.
It found some infections (Trojan) and it deleted
It Found also some suspect files, so i sent them to the Bitdefender lab

2: Lavasoft Ad-Aware Personal, last updated today
Cleaned some Critical entries
3: VX2 Cleaner V2.0 also
System Clean
4: Spybot Search& destroy, today last updated
Cleaned some Critical entries. there were also some about new dot net, i ordered the removal, but spybot, even after the schajuled scan on startup, couldn't remove 2 of them.

5: Trojan Remover (trial version) last updated today, found nothing in the system

well, now, after i tried everything, the firewall lets me know every minute that he blocked the acces of this Universa Application.

I looked ofcourse, in the system tray process list, and i identified these processes:
winEA4.tmp.exe-----loaded 3 times----consumming 8756K two of them, and the third consuming 8652K;
winEAA.tmp.exe-----loaded 2 times----consumming 8644K one, and 8652k the other;
Anyways, these values variate a bit, from time to time, but it is all the time over 8500K.
I tried to end these processes, and they just restart.
I tried to kill the processes with HJT, but it told me that they are protected by Windows.

I, of course followed also the rules than of this forum, before posing the thread, and no success.

the problem is still there.
And i ranned out of ideas!

Perhaps you can help me?

here is the log what HJT gave me after the scan (safe mode):

Logfile of HijackThis v1.99.1
Scan saved at 12:10:23, on 02/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Softwin\BitDefender9\bdswitch.exe
C:\WINDOWS\System32\svchost.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\wincmd\TOTALCMD.EXE
C:\Programme\Softwin\BitDefender9\bdmcon.exe
C:\DOKUME~1\MANDYS~1\LOKALE~1\Temp\_tc\HijackThis.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Yahoo!\Messenger\Y!Multi Messenger.exe
C:\WINDOWS\TEMP\winEA4.tmp.exe
C:\WINDOWS\TEMP\winEAA.tmp.exe
C:\WINDOWS\TEMP\winEA4.tmp.exe
E:\kits (programs packed)\necessary stuff\anti spyware&firewalls\cwshredder\cwshredder.exe
C:\WINDOWS\TEMP\winEAA.tmp.exe
E:\kits (programs packed)\necessary stuff\anti spyware&firewalls\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programme\b0b\e-snips\SnipBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Programme\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Programme\b0b\e-snips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/self...g/ESTPTest.cab
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanx A Lot, Guys, and i wait Anxioussly for Your Replies!
Of Course, if You need any more Logs, i am here! might take a short while untill my answer, but i will be here, mainly...:)

bobstertl · 02-24-2006, 08:14 AM

i am really curious about what i should do next...
is there anybody who has an idea about this universa application?
or should i better try further to solve this situation?

i don't want to sound unpacient, i know that whoever would do something for me, would do it for free...but i desperately need the computer now, and it is going really slow, and the annoing message evry minute from the firewall, switches me out from the window in which i work...:((

i got some update now from bit defender, i will try one more time to get rid of this universa s#*$...(

sorry )

All the best, and please understand me! i ask this, so i avoid changing the structure of the logs (in case somebody is looking already over my log).

If not, i completlly understand, i am not the boss of anybody!

Thanx anyways!

tetonbob · 02-24-2006, 08:18 AM

Before we begin, I want you to upload this file C:\WINDOWS\SYSTEM32\winhld32.dll to http://virusscan.jotti.org and report back what it found.

bobstertl · 02-24-2006, 08:21 AM

i do it rightaway!
i just ghope my internet wont crash in the meanwhile....

Thanx a lot!!!

bobstertl · 02-24-2006, 08:25 AM

u got an eye, baby!!!

how do you want the reply, should i write it here?

thanx!

Ried · 02-24-2006, 08:27 AM

Yes, just copy/paste the results of the jotti scan here in this thread

bobstertl · 02-24-2006, 08:32 AM

Here it is!!!

File: winhld32.dll
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 eb74777a2d79bbeec18bdaf42bf42c28
Packers detected:
-
Scanner results
AntiVir Found nothing
ArcaVir Found Trojan.Clicker.Small.Kb
Avast Found Win32:Trojano-3292
AVG Antivirus Found Clicker.BQZ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found Adware/Small
Kaspersky Anti-Virus Found Trojan-Clicker.Win32.Small.kb
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan-Clicker.Win32.Small.kb

thanx people!

tetonbob · 02-24-2006, 08:35 AM

Settle in, this will take some time....

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download Ewido Security Suite

Install Ewido Security Suite
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache

Delete Newsgroup Subscriptions

Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

Delete the following Files/Folders if they exist:

C:\WINDOWS\SYSTEM32\winhld32.dll

Restart in normal mode.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner

Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

Click on See report then click Save report

*Turn off the real time scanner of any existing antivirus program while performing the online scan

Restart and run a new HijackThis scan. Save the log file and post it here.

Please return with logs from:

Ewido
Panda
HJT

bobstertl · 02-24-2006, 08:40 AM

in a few hours, will come my logs!!!

Thank you very much, let's see what happenes...

one love!

bobstertl · 02-24-2006, 02:29 PM

ok, guys, i got rid of the S#*$!!!!

Before you read the logs, i must tell you that there were two hard drives in the computer, with 2 different windows partitions. So, F:\ Drive is the Slave drive operation system (it is from another computer, and i just temporarly use it as storage point), and the C:\ drive has the windows XP home in German.

Here are the logs!!!!

1: EWIDO:

---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 21:47:01, 02/24/2006
+ Report-Checksumme: 6A54FC13

+ Scanergebnis:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Gesäubert mit Backup
[252] C:\WINDOWS\system32\winhld32.dll -> Hijacker.Small.kb : Gesäubert mit Backup
:mozilla.9:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.10:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.11:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.12:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.13:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.14:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.15:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.16:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.17:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.18:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.19:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.20:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.21:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.22:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.23:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casinotropez : Gesäubert mit Backup
:mozilla.27:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casinotropez : Gesäubert mit Backup
:mozilla.30:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.31:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.32:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.33:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.34:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.35:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.36:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.37:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.38:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.41:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.43:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.44:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.45:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.46:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.47:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.49:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.51:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.52:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.55:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.57:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Doubleclick : Gesäubert mit Backup
:mozilla.58:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Ru4 : Gesäubert mit Backup
:mozilla.59:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Ru4 : Gesäubert mit Backup
:mozilla.60:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.61:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.62:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.63:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.64:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.65:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.66:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.67:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.68:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.69:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.70:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.71:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.72:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.77:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Atdmt : Gesäubert mit Backup
:mozilla.78:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.79:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.80:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.81:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.82:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.83:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Mediaplex : Gesäubert mit Backup
:mozilla.89:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Centrport : Gesäubert mit Backup
:mozilla.91:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.92:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.93:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.94:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.95:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.106:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Trafficmp : Gesäubert mit Backup
:mozilla.107:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Trafficmp : Gesäubert mit Backup
:mozilla.108:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Trafficmp : Gesäubert mit Backup
:mozilla.109:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Trafficmp : Gesäubert mit Backup
:mozilla.110:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Trafficmp : Gesäubert mit Backup
:mozilla.111:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Trafficmp : Gesäubert mit Backup
:mozilla.114:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Yadro : Gesäubert mit Backup
:mozilla.128:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Spylog : Gesäubert mit Backup
:mozilla.135:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
:mozilla.144:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.145:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.146:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.155:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Tribalfusion : Gesäubert mit Backup
:mozilla.156:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Questionmarket : Gesäubert mit Backup
:mozilla.157:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Trafic : Gesäubert mit Backup
:mozilla.163:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Webtrendslive : Gesäubert mit Backup
:mozilla.174:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.175:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.176:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.177:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.221:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Com : Gesäubert mit Backup
:mozilla.222:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Com : Gesäubert mit Backup
:mozilla.243:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Adtech : Gesäubert mit Backup
:mozilla.244:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Adtech : Gesäubert mit Backup
:mozilla.274:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
:mozilla.281:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.282:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.283:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.284:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.286:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Targetnet : Gesäubert mit Backup
:mozilla.292:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Coremetrics : Gesäubert mit Backup
:mozilla.303:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
:mozilla.304:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
:mozilla.305:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
:mozilla.306:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
:mozilla.307:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
:mozilla.308:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
:mozilla.309:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Masterstats : Gesäubert mit Backup
:mozilla.312:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Qksrv : Gesäubert mit Backup
:mozilla.313:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Qksrv : Gesäubert mit Backup
:mozilla.327:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Overture : Gesäubert mit Backup
:mozilla.334:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Itrack : Gesäubert mit Backup
:mozilla.339:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Addcontrol : Gesäubert mit Backup
:mozilla.340:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Addcontrol : Gesäubert mit Backup
:mozilla.364:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.365:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.366:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.385:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.387:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.396:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Webtrendslive : Gesäubert mit Backup
:mozilla.398:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Web-stat : Gesäubert mit Backup
:mozilla.399:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Web-stat : Gesäubert mit Backup
:mozilla.406:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.407:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.408:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.414:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Goclick : Gesäubert mit Backup
:mozilla.415:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Goclick : Gesäubert mit Backup
:mozilla.428:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Popularix : Gesäubert mit Backup
:mozilla.435:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Bfast : Gesäubert mit Backup
:mozilla.441:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Burstnet : Gesäubert mit Backup
:mozilla.442:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\1h74ag1j.default\cookies.txt -> TrackingCookie.Burstnet : Gesäubert mit Backup
:mozilla.10:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tribalfusion : Gesäubert mit Backup
:mozilla.15:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Trafic : Gesäubert mit Backup
:mozilla.24:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Atdmt : Gesäubert mit Backup
:mozilla.27:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.28:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.29:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Advertising : Gesäubert mit Backup
:mozilla.51:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Myaffiliateprogram : Gesäubert mit Backup
:mozilla.53:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Doubleclick : Gesäubert mit Backup
:mozilla.61:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Questionmarket : Gesäubert mit Backup
:mozilla.62:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Questionmarket : Gesäubert mit Backup
:mozilla.64:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.65:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.66:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.67:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.69:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.70:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.71:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.73:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.74:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.75:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.76:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.78:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Overture : Gesäubert mit Backup
:mozilla.82:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Overture : Gesäubert mit Backup
:mozilla.83:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Overture : Gesäubert mit Backup
:mozilla.86:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.87:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.88:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.89:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.90:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.92:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Mediaplex : Gesäubert mit Backup
:mozilla.93:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Mediaplex : Gesäubert mit Backup
:mozilla.100:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.101:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.102:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.103:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.104:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.105:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.106:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Falkag : Gesäubert mit Backup
:mozilla.113:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Spylog : Gesäubert mit Backup
:mozilla.122:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.123:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.124:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.125:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.126:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.127:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.128:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.129:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.130:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.135:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
:mozilla.152:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Valueclick : Gesäubert mit Backup
:mozilla.158:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.159:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.160:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.161:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.162:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.163:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.164:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.185:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.186:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.187:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.188:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.189:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.190:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.191:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.192:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.193:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.194:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.195:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.196:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.197:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.203:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Webtrendslive : Gesäubert mit Backup
:mozilla.204:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Coremetrics : Gesäubert mit Backup
:mozilla.211:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Adtech : Gesäubert mit Backup
:mozilla.212:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Adtech : Gesäubert mit Backup
:mozilla.255:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.256:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.257:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.258:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.261:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tradedoubler : Gesäubert mit Backup
:mozilla.262:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.271:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Googleadservices : Gesäubert mit Backup
:mozilla.274:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Etracker : Gesäubert mit Backup
:mozilla.275:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Etracker : Gesäubert mit Backup
:mozilla.280:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.285:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.286:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.287:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.288:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.289:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
:mozilla.290:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Itrack : Gesäubert mit Backup
:mozilla.305:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.310:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Onestat : Gesäubert mit Backup
:mozilla.311:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Onestat : Gesäubert mit Backup
:mozilla.312:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Onestat : Gesäubert mit Backup
:mozilla.313:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Googleadservices : Gesäubert mit Backup
:mozilla.320:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Googleadservices : Gesäubert mit Backup
:mozilla.350:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Sitestat : Gesäubert mit Backup
:mozilla.352:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Sitestat : Gesäubert mit Backup
:mozilla.353:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.355:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Googleadservices : Gesäubert mit Backup
:mozilla.357:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.358:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.359:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.360:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.361:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.362:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.363:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Yieldmanager : Gesäubert mit Backup
:mozilla.400:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Googleadservices : Gesäubert mit Backup
:mozilla.406:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Targetnet : Gesäubert mit Backup
:mozilla.408:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.409:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.410:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.411:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.412:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
:mozilla.449:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tacoda : Gesäubert mit Backup
:mozilla.450:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Burstnet : Gesäubert mit Backup
:mozilla.451:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Burstnet : Gesäubert mit Backup
:mozilla.452:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Burstnet : Gesäubert mit Backup
:mozilla.453:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Tacoda : Gesäubert mit Backup
:mozilla.468:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Googleadservices : Gesäubert mit Backup
:mozilla.511:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Valueclick : Gesäubert mit Backup
:mozilla.545:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.546:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.549:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Weborama : Gesäubert mit Backup
:mozilla.579:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Xhit : Gesäubert mit Backup
:mozilla.580:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Xhit : Gesäubert mit Backup
:mozilla.584:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Adserver : Gesäubert mit Backup
:mozilla.585:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Adserver : Gesäubert mit Backup
:mozilla.590:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
:mozilla.601:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Oewabox : Gesäubert mit Backup
:mozilla.609:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.610:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.611:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.612:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.613:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.614:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.619:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Euroclick : Gesäubert mit Backup
:mozilla.622:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hotlog : Gesäubert mit Backup
:mozilla.655:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Com : Gesäubert mit Backup
:mozilla.656:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Com : Gesäubert mit Backup
:mozilla.690:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
:mozilla.699:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.702:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Bfast : Gesäubert mit Backup
:mozilla.734:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.247realmedia : Gesäubert mit Backup
:mozilla.735:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.247realmedia : Gesäubert mit Backup
:mozilla.736:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Smartadserver : Gesäubert mit Backup
:mozilla.737:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Smartadserver : Gesäubert mit Backup
:mozilla.738:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Smartadserver : Gesäubert mit Backup
:mozilla.744:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.I12 : Gesäubert mit Backup
:mozilla.756:C:\Dokumente und Einstellungen\mandy schönemann\Anwendungsdaten\Mozilla\Firefox\Profiles\m40du79j.b0b\cookies.txt -> TrackingCookie.Addcontrol : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Gesäubert mit Backup
C:\WINDOWS\system32\winhld32.dll -> Hijacker.Small.kb : Gesäubert mit Backup
E:\kits (programs packed)\others\crack searcher\cracksearcher.exe -> Not-A-Virus.HackTool.Win32.CrackSearch.a : Gesäubert mit Backup
:mozilla.27:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.28:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Zedo : Gesäubert mit Backup
:mozilla.58:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Liveperson : Gesäubert mit Backup
:mozilla.68:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Liveperson : Gesäubert mit Backup
:mozilla.69:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Liveperson : Gesäubert mit Backup
:mozilla.82:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Trafic : Gesäubert mit Backup
:mozilla.83:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Burstnet : Gesäubert mit Backup
:mozilla.84:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Statcounter : Gesäubert mit Backup
:mozilla.86:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Enhance : Gesäubert mit Backup
:mozilla.87:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Com : Gesäubert mit Backup
:mozilla.88:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Com : Gesäubert mit Backup
:mozilla.95:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Yadro : Gesäubert mit Backup
:mozilla.125:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Tribalfusion : Gesäubert mit Backup
:mozilla.127:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Burstbeacon : Gesäubert mit Backup
:mozilla.128:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Targetnet : Gesäubert mit Backup
:mozilla.133:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.134:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
:mozilla.136:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Doubleclick : Gesäubert mit Backup
:mozilla.137:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Atdmt : Gesäubert mit Backup
:mozilla.139:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Spylog : Gesäubert mit Backup
:mozilla.158:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Revenue : Gesäubert mit Backup
:mozilla.168:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Bfast : Gesäubert mit Backup
:mozilla.169:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Bfast : Gesäubert mit Backup
:mozilla.170:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
:mozilla.173:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.174:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.175:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.176:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Pointroll : Gesäubert mit Backup
:mozilla.184:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Sitestat : Gesäubert mit Backup
:mozilla.204:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Ad-logics : Gesäubert mit Backup
:mozilla.206:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.207:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.2o7 : Gesäubert mit Backup
:mozilla.210:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Questionmarket : Gesäubert mit Backup
:mozilla.211:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Bluestreak : Gesäubert mit Backup
:mozilla.213:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Incredifind : Gesäubert mit Backup
:mozilla.214:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Incredifind : Gesäubert mit Backup
:mozilla.215:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Incredifind : Gesäubert mit Backup
:mozilla.216:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Incredifind : Gesäubert mit Backup
:mozilla.217:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Incredifind : Gesäubert mit Backup
:mozilla.218:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Incredifind : Gesäubert mit Backup
:mozilla.219:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Incredifind : Gesäubert mit Backup
:mozilla.221:F:\Documents and Settings\Mihaela\Application Data\Mozilla\Firefox\Profiles\vis488h6.default\cookies.txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
F:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Adware.DelphinMediaViewer : Gesäubert mit Backup
F:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Gesäubert mit Backup
F:\WINDOWS\sbsysdll.dll -> Not-A-Virus.Monitor.Win32.SpyBuddy.b : Gesäubert mit Backup
F:\WINDOWS\system32\unregister.exe -> Adware.VB : Gesäubert mit Backup

::Report Ende

2: HJT

Logfile of HijackThis v1.99.1
Scan saved at 21:56:22, on 02/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programme\b0b\e-snips\SnipBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Programme\b0b\e-snips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/self...g/ESTPTest.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

3:PANDA
unfortunatelly, i could not make the online scanning due the following error (it is not the first time it happens):

"An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again

Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,... ""

This was it!!!!!

Guys, thanx a lot!!! problem solved, my computer works...looks even better than before...(anyway, after removing 328 infected elements...for sure!)

Thanx for the tips!!!

One Love! :PRAY:

P.S: Would you tell me if there'S still something to do?

tetonbob · 02-24-2006, 02:45 PM

Before you get too excited (although it looks like we did some good work), let's have a look at a couple things.

First, it appears as thought this HJT log was taken from Safe mode. We require logs be taken from normal mode.

Also, I see you have msconfig enabled. This may prevent us from seeing everything running on your system. Please re-enable all startup items.

Go to Start>Run type msconfig and press Enter.

Select Normal Startup - Load all Device Drivers and Services

Reboot and post a new log.

Regarding the Panda Scan, it's possible you don't have your ActiveX settings set to allow the download of the controls.

Please do this:

Please check your ActiveX security settings (Start -> (Settings) -> Control Panel -> Internet Options, Security Tab -> Internet -> Custom Level).

ActiveX controls and plug-ins
* Download signed ActiveX controls (Prompt)
* Download unsigned ActiveX controls (Prompt)
* Initialize and script ActiveX controls not marked as safe (Disable)
* Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX)
* Script ActiveX controls marked safe for scripting (Prompt)

Then try to run the scan again.

bobstertl · 02-24-2006, 03:07 PM

here is the HJT Log, on normal start-up:

Logfile of HijackThis v1.99.1
Scan saved at 23:03:01, on 02/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\wincmd\TOTALCMD.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programme\b0b\e-snips\SnipBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Programme\b0b\e-snips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/self...g/ESTPTest.cab
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

as for the panda, it is still not functioning...i did as told with the Active-x settings in the internet opitions, but the same error came...:( i am sorry!

But i still believe that we got rid of the big bad wolf....my comp runs even better than before...:)

so, one more time,

big hug!

P.S: You can't rock without Rock'n Roll!

tetonbob · 02-24-2006, 05:18 PM

I'd really like to get one online scan done. No one scanner gets everything, or sees what the others do.

Are you getting the yellow information bar? Is the download beginning, and then failing? Thousands of perople every day use this scanner, it's got to be some setting preventing it.

First, please do this:

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)

Please try this online scan:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Run a new HijackThis scan. Save the log file and post it here.

bobstertl · 02-25-2006, 01:14 AM

Man, forget it with the online scan....
Also kspersky couldn't do the trick...:(
I believe it is bcause of my bad internet connection, which interrupts all the time...(I must change the provider, for sure)

i made another scan with HJT, and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 09:08:52, on 02/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programme\b0b\e-snips\SnipBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Programme\b0b\e-snips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/self...g/ESTPTest.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

ok.

Thanx again for the moment! i believe evrything is quite fixed now!!!
You helped me a lot!

i am not sure that i can post more replies, due the fact that today i have to leave town...and this computer is a desktop...

ONE Love!!!!

tetonbob · 02-25-2006, 07:33 AM

OK.....reluctantly, I'll say you're clean, as you seem satisfied that your system is operating well.

We still have a few items to address.

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
- Install & update SpywareBlaster with the latest definitions.
  After you have updated, click the button - enable protection for all unprotected items
SpywareGuard to catch and block spyware before it can execute.
SPYBOT - SEARCH & DESTROY
Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
AD-AWARE
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
IE-SPYAD
IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- Download IE-SpyAD - Extract the contents to a new folder
  From within the folder, double-click install.bat
  Select Option #2 - Install the new IE-SPYAD list.
  Then return to the main menu.
  Select option #4 - Add the old porn sites domain
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.
ANTIVIRUS SOFTWARE
It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial

Here are two very good free Antivirus products which are available:
Avast!
AVG

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Winpatrol - Download and install the free version of Winpatrol.
A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

Please respond to this thread one more time so we can mark this thread as resolved.

bobstertl · 02-25-2006, 10:36 AM

Thank you very much, my man!!!

i'll do as told!

some of these programs i have in use already, but it's not bad that you reminded me!!!

I will bild now a new antimalware set of programs!

One more time, a big up to all of you, which are doing this job!!!!

Respect!

02-24-2006, 05:29 AM	#1 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	Universa Application?! hello people! HAs anybody heard of UNIVERSA APPLICATION? well, i have it! Yesterday evening,while surfing on the internet (some chinese Students web site) the Bitdefender firewall prompted me that an application (i think it also called it Universa), tries to connect to the internet. well, i believe it is the first time when i allowed an unknown by me application to connect...and Surprise! Some internet explorer Error occured plus some script error for Internet explorer (i use Mozilla firefox 1.5). These 2 errors were popping up around every minute, so, it was clear. I thought it is something wrong about some infection, so i got to work. Today, First i denied the access to the internet for Universa Application. Than i runned: 1: Bitdefender antivirus, last updated definisions on today, also. It found some infections (Trojan) and it deleted It Found also some suspect files, so i sent them to the Bitdefender lab 2: Lavasoft Ad-Aware Personal, last updated today Cleaned some Critical entries 3: VX2 Cleaner V2.0 also System Clean 4: Spybot Search& destroy, today last updated Cleaned some Critical entries. there were also some about new dot net, i ordered the removal, but spybot, even after the schajuled scan on startup, couldn't remove 2 of them. 5: Trojan Remover (trial version) last updated today, found nothing in the system well, now, after i tried everything, the firewall lets me know every minute that he blocked the acces of this Universa Application. I looked ofcourse, in the system tray process list, and i identified these processes: winEA4.tmp.exe-----loaded 3 times----consumming 8756K two of them, and the third consuming 8652K; winEAA.tmp.exe-----loaded 2 times----consumming 8644K one, and 8652k the other; Anyways, these values variate a bit, from time to time, but it is all the time over 8500K. I tried to end these processes, and they just restart. I tried to kill the processes with HJT, but it told me that they are protected by Windows. I, of course followed also the rules than of this forum, before posing the thread, and no success. the problem is still there. And i ranned out of ideas! Perhaps you can help me? here is the log what HJT gave me after the scan (safe mode): Logfile of HijackThis v1.99.1 Scan saved at 12:10:23, on 02/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe C:\Programme\Softwin\BitDefender9\vsserv.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programme\Softwin\BitDefender9\bdswitch.exe C:\WINDOWS\System32\svchost.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\Programme\Softwin\BitDefender9\bdoesrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\taskmgr.exe C:\wincmd\TOTALCMD.EXE C:\Programme\Softwin\BitDefender9\bdmcon.exe C:\DOKUME~1\MANDYS~1\LOKALE~1\Temp\_tc\HijackThis.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Yahoo!\Messenger\Y!Multi Messenger.exe C:\WINDOWS\TEMP\winEA4.tmp.exe C:\WINDOWS\TEMP\winEAA.tmp.exe C:\WINDOWS\TEMP\winEA4.tmp.exe E:\kits (programs packed)\necessary stuff\anti spyware&firewalls\cwshredder\cwshredder.exe C:\WINDOWS\TEMP\winEAA.tmp.exe E:\kits (programs packed)\necessary stuff\anti spyware&firewalls\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programme\b0b\e-snips\SnipBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Programme\Softwin\BitDefender9\bdswitch.exe" O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender9\bdnagent.exe" O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_UrlO.htm O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_AllO.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Snip to my eSnips account - C:\Programme\b0b\e-snips\res\SnipIt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/self...g/ESTPTest.cab O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Thanx A Lot, Guys, and i wait Anxioussly for Your Replies! Of Course, if You need any more Logs, i am here! might take a short while untill my answer, but i will be here, mainly...:) Last edited by bobstertl; 02-24-2006 at 05:33 AM.

02-24-2006, 08:14 AM	#2 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	universa... i am really curious about what i should do next... is there anybody who has an idea about this universa application? or should i better try further to solve this situation? i don't want to sound unpacient, i know that whoever would do something for me, would do it for free...but i desperately need the computer now, and it is going really slow, and the annoing message evry minute from the firewall, switches me out from the window in which i work...:(( i got some update now from bit defender, i will try one more time to get rid of this universa s#*$...( sorry ) All the best, and please understand me! i ask this, so i avoid changing the structure of the logs (in case somebody is looking already over my log). If not, i completlly understand, i am not the boss of anybody! Thanx anyways!

02-24-2006, 08:18 AM	#3 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,169 OS: 2000 Pro; XP Pro; XP Home	Before we begin, I want you to upload this file C:\WINDOWS\SYSTEM32\winhld32.dll to http://virusscan.jotti.org and report back what it found. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-24-2006, 08:21 AM	#4 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	thanx i do it rightaway! i just ghope my internet wont crash in the meanwhile.... Thanx a lot!!!

02-24-2006, 08:25 AM	#5 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	u got an eye!!!! u got an eye, baby!!! how do you want the reply, should i write it here? thanx!

02-24-2006, 08:27 AM	#6 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,562 OS: WinXP and Vista	Yes, just copy/paste the results of the jotti scan here in this thread __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

02-24-2006, 08:32 AM	#7 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	the result Here it is!!! File: winhld32.dll Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 eb74777a2d79bbeec18bdaf42bf42c28 Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found Trojan.Clicker.Small.Kb Avast Found Win32:Trojano-3292 AVG Antivirus Found Clicker.BQZ BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found Adware/Small Kaspersky Anti-Virus Found Trojan-Clicker.Win32.Small.kb NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found Trojan-Clicker.Win32.Small.kb thanx people!

02-24-2006, 08:35 AM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,169 OS: 2000 Pro; XP Pro; XP Home	Settle in, this will take some time.... Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Download Ewido Security Suite Install Ewido Security Suite When installing, under "Additional Options" uncheck.. Install background guard Install scan via context menu Double-click the icon on Desktop to launch Ewido You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. NOTE Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility. Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. Reboot/logoff when prompted. * CleanUp! will not create any backups!! Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: "Perform action on all infections" Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop ** Ewido scan would require at least an hour. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O20 - Winlogon Notify: winhld32 - C:\WINDOWS\SYSTEM32\winhld32.dll Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Also make sure there is no checkmark beside Hide file extensions for known file types * Click Yes to confirm and then click OK. Delete the following Files/Folders if they exist: C:\WINDOWS\SYSTEM32\winhld32.dll Restart in normal mode. Perform an online scan with Internet Explorer with Panda ActiveScan Click on the "Free To Use ActiveScan" located on the top right hand corner Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report Turn off the real time scanner of any existing antivirus program while performing the online scan Restart and run a new HijackThis scan. Save the log file and post it here. Please return with logs from: Ewido Panda HJT __________________ Practice Safe Surfing* PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-24-2006, 08:40 AM	#9 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	Thanx a lot! in a few hours, will come my logs!!! Thank you very much, let's see what happenes... one love!

02-24-2006, 02:45 PM	#11 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,169 OS: 2000 Pro; XP Pro; XP Home	Before you get too excited (although it looks like we did some good work), let's have a look at a couple things. First, it appears as thought this HJT log was taken from Safe mode. We require logs be taken from normal mode. Also, I see you have msconfig enabled. This may prevent us from seeing everything running on your system. Please re-enable all startup items. Go to Start>Run type msconfig and press Enter. Select Normal Startup - Load all Device Drivers and Services Reboot and post a new log. Regarding the Panda Scan, it's possible you don't have your ActiveX settings set to allow the download of the controls. Please do this: Please check your ActiveX security settings (Start -> (Settings) -> Control Panel -> Internet Options, Security Tab -> Internet -> Custom Level). ActiveX controls and plug-ins * Download signed ActiveX controls (Prompt) * Download unsigned ActiveX controls (Prompt) * Initialize and script ActiveX controls not marked as safe (Disable) * Run ActiveX controls and plug-ins (Enabled) (This actually refers to Java and Flash, not ActiveX) * Script ActiveX controls marked safe for scripting (Prompt) Then try to run the scan again. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-24-2006, 03:07 PM	#12 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	the log in normal start up here is the HJT Log, on normal start-up: Logfile of HijackThis v1.99.1 Scan saved at 23:03:01, on 02/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe C:\Programme\Softwin\BitDefender9\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\progra~1\softwin\bitdef~1\bdswitch.exe C:\progra~1\softwin\bitdef~1\bdmcon.exe C:\Programme\Softwin\BitDefender9\bdoesrv.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\wincmd\TOTALCMD.EXE C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programme\b0b\e-snips\SnipBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_UrlO.htm O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_AllO.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Snip to my eSnips account - C:\Programme\b0b\e-snips\res\SnipIt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/self...g/ESTPTest.cab O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) as for the panda, it is still not functioning...i did as told with the Active-x settings in the internet opitions, but the same error came...:( i am sorry! But i still believe that we got rid of the big bad wolf....my comp runs even better than before...:) so, one more time, big hug! P.S: You can't rock without Rock'n Roll!

02-24-2006, 05:18 PM	#13 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,169 OS: 2000 Pro; XP Pro; XP Home	I'd really like to get one online scan done. No one scanner gets everything, or sees what the others do. Are you getting the yellow information bar? Is the download beginning, and then failing? Thousands of perople every day use this scanner, it's got to be some setting preventing it. First, please do this: Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one: O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing) Please try this online scan: Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Run a new HijackThis scan. Save the log file and post it here. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-25-2006, 01:14 AM	#14 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	Online virus scan... Man, forget it with the online scan.... Also kspersky couldn't do the trick...:( I believe it is bcause of my bad internet connection, which interrupts all the time...(I must change the provider, for sure) i made another scan with HJT, and here is the log: Logfile of HijackThis v1.99.1 Scan saved at 09:08:52, on 02/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\progra~1\softwin\bitdef~1\bdswitch.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Softwin\BitDefender9\bdoesrv.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Softwin\BitDefender9\vsserv.exe c:\progra~1\softwin\bitdef~1\bdmcon.exe C:\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Programme\b0b\e-snips\SnipBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1 O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_UrlO.htm O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Programme\b0b\offline explorer\Offline Explorer Enterprise\Add_AllO.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Snip to my eSnips account - C:\Programme\b0b\e-snips\res\SnipIt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://support.epson-europe.com/self...g/ESTPTest.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\b0b\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender9\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) ok. Thanx again for the moment! i believe evrything is quite fixed now!!! You helped me a lot! i am not sure that i can post more replies, due the fact that today i have to leave town...and this computer is a desktop... ONE Love!!!!

02-25-2006, 07:33 AM	#15 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,169 OS: 2000 Pro; XP Pro; XP Home	OK.....reluctantly, I'll say you're clean, as you seem satisfied that your system is operating well. We still have a few items to address. Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. SPYBOT - SEARCH & DESTROY Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here AD-AWARE Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here IE-SPYAD IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Download IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run. ANTIVIRUS SOFTWARE It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online antivirus scanners: Anti-Spyware Tutorial Here are two very good free Antivirus products which are available: Avast! AVG It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software If you do not have a firewall, here are 4 free ones available for personal use: ZoneAlarm Avast Antivirus/Firewall Tiny Personal Firewall OutPost Firewall In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Please respond to this thread one more time so we can mark this thread as resolved. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-25-2006, 10:36 AM	#16 (permalink)
bobstertl Registered User Join Date: Jan 2006 Posts: 16 OS: XP	Solved! Thank you very much, my man!!! i'll do as told! some of these programs i have in use already, but it's not bad that you reminded me!!! I will bild now a new antimalware set of programs! One more time, a big up to all of you, which are doing this job!!!! Respect!