Log analysis and evaluation: Exploits EXP/0507.BY.3, EXP/5353.AJ.4.B, EXP/2012-0507.AW.2 and JAVA/Dldr.Lama.AE.2 found (Windows 7)
30.06.2012, 16:15 | #1 |
Hello,

even though I thought until now that I was moving around the net carefully, I have apparently caught something now. In two different scans, my Avira Antivirus found "viruses or unwanted programs". Here, first of all, are the reports of the Avira findings:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 19. Juni 2012 20:16

Es wird nach 3848428 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : USER-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, F:, X:, A:, G:, H:, I:, J:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PCK,+PFS,

Beginn des Suchlaufs: Dienstag, 19. Juni 2012 20:16

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'X:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'A:\'
    [INFO] Im Laufwerk 'A:\' ist kein Datenträger eingelegt!
Bootsektor 'G:\'
    [INFO] Im Laufwerk 'G:\' ist kein Datenträger eingelegt!
Bootsektor 'H:\'
    [INFO] Im Laufwerk 'H:\' ist kein Datenträger eingelegt!
Bootsektor 'I:\'
    [INFO] Im Laufwerk 'I:\' ist kein Datenträger eingelegt!
Bootsektor 'J:\'
    [INFO] Im Laufwerk 'J:\' ist kein Datenträger eingelegt!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCUService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2783' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows 7>
C:\Sandbox\***\DefaultBox\user\current\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\50e28fde-1b3ca218
    [0] Archivtyp: ZIP
    --> a/a.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.AW.2
C:\Sandbox\***\DefaultBox\user\current\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\50e28fde-1b3ca218
    [0] Archivtyp: ZIP
    --> a/a.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.AW.2
Beginne mit der Suche in 'E:\' <Daten>
E:\***\Downloads\avira_free_antivirus_de.exe
    [WARNUNG] Die Datei ist kennwortgeschützt
E:\***\Downloads\Fallout\RealDeathPhys\Realistic_Death_Physics_7zip_version-12306.7z
    [WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
Beginne mit der Suche in 'F:\' <Windows XP>
Beginne mit der Suche in 'X:\' <System-reserviert>
Beginne mit der Suche in 'A:\'
Der zu durchsuchende Pfad A:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'H:\'
Der zu durchsuchende Pfad H:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'I:\'
Der zu durchsuchende Pfad I:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'J:\'
Der zu durchsuchende Pfad J:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
C:\Sandbox\***\DefaultBox\user\current\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\50e28fde-1b3ca218
    [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.AW.2
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55887fe9.qua' verschoben!

Ende des Suchlaufs: Dienstag, 19. Juni 2012 22:08
Benötigte Zeit: 1:16:15 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

43760 Verzeichnisse wurden überprüft
1249645 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1249643 Dateien ohne Befall
19368 Archive wurden durchsucht
2 Warnungen
1 Hinweise

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 26. Juni 2012 15:04

Es wird nach 3869434 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : USER-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, F:, X:, A:, G:, H:, I:, J:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PCK,+PFS,

Beginn des Suchlaufs: Dienstag, 26. Juni 2012 15:04

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'X:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'A:\'
    [INFO] Im Laufwerk 'A:\' ist kein Datenträger eingelegt!
Bootsektor 'G:\'
    [INFO] Im Laufwerk 'G:\' ist kein Datenträger eingelegt!
Bootsektor 'H:\'
    [INFO] Im Laufwerk 'H:\' ist kein Datenträger eingelegt!
Bootsektor 'I:\'
    [INFO] Im Laufwerk 'I:\' ist kein Datenträger eingelegt!
Bootsektor 'J:\'
    [INFO] Im Laufwerk 'J:\' ist kein Datenträger eingelegt!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCU.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'XSrvSetup.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCUService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2781' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows 7>
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6f6f29eb-3935dd29
    [0] Archivtyp: ZIP
    --> r_ota/r_otb.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/0507.BY.3
    --> r_ota/r_otc.class
        [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lama.AE.2
    --> r_ota/r_ota.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/5353.AJ.4.B
Beginne mit der Suche in 'E:\' <Daten>
E:\***\Downloads\avira_free_antivirus_de.exe
    [WARNUNG] Die Datei ist kennwortgeschützt
E:\***\Downloads\Fallout\RealDeathPhys\Realistic_Death_Physics_7zip_version-12306.7z
    [WARNUNG] Die Komprimierungsmethode wird nicht unterstützt
Beginne mit der Suche in 'F:\' <Windows XP>
Beginne mit der Suche in 'X:\' <System-reserviert>
Beginne mit der Suche in 'A:\'
Der zu durchsuchende Pfad A:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'H:\'
Der zu durchsuchende Pfad H:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'I:\'
Der zu durchsuchende Pfad I:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'J:\'
Der zu durchsuchende Pfad J:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6f6f29eb-3935dd29
    [FUND] Enthält Erkennungsmuster des Exploits EXP/5353.AJ.4.B
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56eb6b9d.qua' verschoben!

Ende des Suchlaufs: Dienstag, 26. Juni 2012 16:11
Benötigte Zeit: 1:05:48 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

35512 Verzeichnisse wurden überprüft
1207651 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1207648 Dateien ohne Befall
17231 Archive wurden durchsucht
2 Warnungen
1 Hinweise

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: USER-PC [Administrator]

30.06.2012 14:08:37
mbam-log-2012-06-30 (14-08-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400655
Laufzeit: 39 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
OTL logfile created on: 30.06.2012 16:55:18 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 53,52% Memory free
7,99 Gb Paging File | 5,86 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,34 Gb Total Space | 60,15 Gb Free Space | 66,59% Space Free | Partition Type: NTFS
Drive E: | 325,03 Gb Total Space | 234,67 Gb Free Space | 72,20% Space Free | Partition Type: NTFS
Drive F: | 50,29 Gb Total Space | 40,53 Gb Free Space | 80,59% Space Free | Partition Type: NTFS
Drive X: | 100,00 Mb Total Space | 69,54 Mb Free Space | 69,54% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (s1039mdm) -- C:\Windows\SysNative\drivers\s1039mdm.sys (MCCI Corporation)
DRV:64bit: - (s1039obex) -- C:\Windows\SysNative\drivers\s1039obex.sys (MCCI Corporation)
DRV:64bit: - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1039unic.sys (MCCI Corporation)
DRV:64bit: - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1039mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1039nd5.sys (MCCI Corporation)
DRV:64bit: - (s1039mdfl) -- C:\Windows\SysNative\drivers\s1039mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\SysNative\drivers\s1039bus.sys (MCCI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.telekom.at
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {54BC6F81-02AA-4f39-8246-89FC41CB0474}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{143AC29E-6423-433c-9326-ED1FF924D0B3}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{54BC6F81-02AA-4f39-8246-89FC41CB0474}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.06.16 13:57:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.09.25 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012.06.30 12:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape 6\Components [2011.05.22 16:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape 6\Plugins [2011.06.19 18:26:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.06.16 13:57:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.09.25 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012.06.30 12:35:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape 6\Components [2011.05.22 16:39:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape 6\Plugins [2011.06.19 18:26:07 | 000,000,000 |
---D | M] [2011.05.08 19:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.05.08 19:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.03 15:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61wt66de.default\extensions [2011.05.14 21:39:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61wt66de.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab (Java Plug-in 1.3.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C3B794-4A57-4B5A-8F3C-989A18E1C36E}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18 - 
Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.30 16:55:58 | 000,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.30 16:49:51 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.23 09:25:16 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 09:25:16 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 09:25:16 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 09:25:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 09:25:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 09:25:06 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 09:24:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 09:24:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.21 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.06.13 23:38:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 23:38:08 | 000,073,216 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 23:38:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 23:38:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 23:38:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 23:38:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 23:38:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 23:38:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 23:38:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 23:38:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 23:38:05 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 23:38:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 23:38:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 22:17:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 22:17:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 22:17:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 22:17:04 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 22:17:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 22:17:04 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 22:17:00 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 22:16:55 | 001,462,272 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 22:16:55 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll ========== Files - Modified Within 30 Days ========== [2012.06.30 12:52:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.30 12:37:58 | 000,002,736 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.06.30 12:34:50 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 12:34:50 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 12:33:19 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.30 12:33:19 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.30 12:33:19 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.30 12:33:19 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.30 12:33:19 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.30 12:27:14 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012.06.30 12:27:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.30 12:26:48 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys [2012.06.26 17:33:31 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.21 15:51:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.21 15:51:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.14 15:27:54 | 000,351,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,057,880 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe ========== Files Created - No Company Name ========== [2011.06.01 11:28:48 | 000,002,736 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.05.25 11:54:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll [2011.05.22 16:39:45 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.22 16:38:47 | 000,083,088 | ---- | C] () -- C:\Windows\N6Uninst.exe [2011.05.22 16:38:46 | 000,006,786 | ---- | C] () -- C:\Windows\mozver.dat [2011.05.20 20:54:07 | 000,000,796 | ---- | C] () -- C:\Users\***\SilentHill.lnk [2011.05.20 20:52:40 | 000,000,789 | ---- | C] () -- C:\Users\***\Labyrinth.lnk [2011.05.20 20:49:08 | 000,000,803 | ---- | C] () -- C:\Users\***\Geschichten.lnk [2011.05.11 23:59:00 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.05.07 17:44:52 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011.04.13 14:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.13 14:13:50 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2011.04.13 14:09:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== 
[2011.05.08 19:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.05.21 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock
[2011.05.14 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.14 21:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.05.08 21:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2011.05.08 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.14 15:28:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 30.06.2012 16:55:18 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 53,52% Memory free
7,99 Gb Paging File | 5,86 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,34 Gb Total Space | 60,15 Gb Free Space | 66,59% Space Free | Partition Type: NTFS
Drive E: | 325,03 Gb Total Space | 234,67 Gb Free Space | 72,20% Space Free | Partition Type: NTFS
Drive F: | 50,29 Gb Total Space | 40,53 Gb Free Space | 80,59% Space Free | Partition Type: NTFS
Drive X: | 100,00 Mb Total Space | 69,54 Mb Free Space | 69,54% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1ED1FF88-E802-4E5B-B648-7881D9E13179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2445CE4B-DED2-430E-957C-D2F751D11CC3}" = lport=137 | protocol=17 | dir=in | app=system | "{24992CE8-DE47-4314-A722-FDB7632C7799}" = rport=137 | protocol=17 | dir=out | app=system | "{3011CD83-4079-4D6D-B8AF-764DBF6C5554}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30ED4F55-6AAC-4A4A-9EC3-865E0F114447}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37B40849-4CB8-4EA9-B2D3-BD255413BC66}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3949080B-B3D7-4235-9002-CD5D486370C5}" = lport=2869 | protocol=6 | dir=in | app=system | "{3B176817-AC78-4E8E-8B48-A7525F8564D6}" = rport=139 | protocol=6 | dir=out | app=system | "{3FF09ECC-B21B-4310-BEFC-66ED4EE4C072}" = rport=10243 | protocol=6 | dir=out | app=system | "{62C4ACFE-87FE-49BE-BEF0-BFAF5E32EEF2}" = lport=10243 | protocol=6 | dir=in | app=system | "{6E57144A-E29D-4691-9992-055DAA1DBBA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79F4EECE-451C-4AF7-B6CA-9A965F7989C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{888281AC-A511-401A-9471-0954DACB5ECE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A550615F-41DD-4929-BAA0-E37DCB34BE2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A787899A-6F2F-437E-8968-440F13EC055B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B0D1F9A2-2221-4C28-88DC-EB5BA6A7D564}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4CDBD0A-B1E3-4F97-B473-DFC60222EE06}" = rport=445 | protocol=6 | dir=out | app=system | "{C4ECC865-C84C-4B4E-83CF-187473D6A734}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0CB8D0C-8AA5-4E8C-8135-42453AAF4105}" = rport=138 | protocol=17 | dir=out | app=system | "{DB17FA54-C2D3-4E58-A1EC-72912BD05217}" = lport=139 | protocol=6 | dir=in | app=system | "{F5645080-D324-4877-88DF-92B1AA5F5E67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F65D899A-697C-44CC-B474-4FEFD21363AD}" = lport=445 | protocol=6 | dir=in | app=system | "{F71A61E0-3816-4D2D-BE9D-9CEC67A410AD}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{162D2528-5793-4334-8503-844AD872AD6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{169C5B25-0F80-49D7-9FCC-086E6CA64AEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25FB6C90-A617-4EBB-AD3A-E561BB3EFCE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{45334A87-32CD-4925-AC46-7F06746752F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{48882B69-E8D2-409F-9707-1DBF21E629BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{533A7F44-3924-48E6-8DA5-679367B647B5}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{65DBA613-B0BA-416F-BD13-CA358EA8CF7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{738D80A4-8BF5-4ADD-95EB-41BA627ECE5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74867FE8-535D-4971-A416-8FB02A6F2A63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7E630166-9399-42DF-8D0A-0FD9562F6DE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8C2570CD-F64D-4F27-A4D6-B8A1498BBD7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{90056150-86BA-4B7B-BA5F-EFEBB775D4FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9586A4C2-2758-4213-A758-8E4C336B0762}" = protocol=6 | dir=out | app=system | "{AC4DB314-1262-46DB-94F4-3BB292161B3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B5417DA0-8BB7-4143-9FA4-655CC4A9DE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{C1D8A5B6-4EAA-46ED-9ADC-ACEE2D2BDE9F}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | "{C24280E8-A1B6-4FF5-917C-A53B6891E9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{C5A60252-6805-40FD-887A-59CE307909B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C811D16D-DD9D-49C8-A4A3-23DD039FFD75}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{CE89BCCF-75A2-4FB6-8525-E91B8C745026}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D4775E10-05E8-4070-9D42-8EF0AA5E5BC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC791A1A-379A-4BCA-9C70-DBF5D54EB93C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FFE83A6D-3267-481B-A313-DC4488B58092}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{AF1DCDE2-2AB1-4BA9-B246-57F86AD829CE}E:\programme\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=e:\programme\mozilla firefox\plugin-container.exe | "UDP Query User{3672482C-2550-4D89-AB98-834FD6ED51CD}E:\programme\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=e:\programme\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback "{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5F143175-13D3-5AE8-5AE9-262C6D60F994}" = AMD Fuel "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding "{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sandboxie" = Sandboxie 3.54 (64-bit) "sp6" = Logitech SetPoint 6.22 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin 
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{810FB87E-B3F8-40E2-B1CD-0B138EE896A2}_is1" = TOPP Vorlagen-Druckstudio (5578) "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6 "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit "{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy "100,000 Deluxe Graphics Pack" = 100,000 Deluxe Graphics Pack "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aonFTP" = aonFTP "aonUpdate" = aonUpdate "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.4 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Controller" = Controller "EasyBCD" = EasyBCD 2.0 "Finale 2002" = Finale 2002 
"Free Studio_is1" = Free Studio version 4.8 "GIMP" = GIMP "Harvard Designer Inhalts-CD-ROM" = Harvard Designer Inhalts-CD-ROM "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "Netscape 6 (6.2)" = Netscape 6 (6.2) "PhotoResampling_is1" = PhotoResampling 9.2 "Security Task Manager" = Security Task Manager 1.8c "SPCHDesigner40" = Harvard Designer "Uninstall_is1" = Uninstall 1.0.0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.06.2012 12:54:54 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fallout3.exe, Version: 1.7.0.3, Zeitstempel: 0x4a40f18b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dc9 ID des fehlerhaften Prozesses: 0xf9c Startzeit der fehlerhaften Anwendung: 0x01cd53bbcb63e0e8 Pfad der fehlerhaften Anwendung: E:\Spiele\Bethesda Softworks\Fallout 3\Fallout3.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a6fd6c81-bfaf-11e1-b77e-1c6f653f55e9 Error - 26.06.2012 16:40:32 | Computer Name = User-PC | Source = Application Hang | ID = 1002 Description = Programm GECK.exe, Version 1.5.0.19 kann nicht mehr unter Windows ausgeführt 
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 368 Startzeit: 01cd53be45848fca Endzeit: 0 Anwendungspfad: E:\Spiele\Bethesda Softworks\Fallout 3\GECK.exe Berichts-ID: 29f5d40f-bfcf-11e1-b77e-1c6f653f55e9 Error - 27.06.2012 02:00:59 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 27.06.2012 11:14:40 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 28.06.2012 13:52:09 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 29.06.2012 03:06:02 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 29.06.2012 12:30:56 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 06:28:40 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 06:49:45 | Computer Name = User-PC | Source = VSS | ID = 12310 Description = Error - 30.06.2012 06:49:45 | Computer Name = User-PC | Source = VSS | ID = 12298 Description = [ System Events ] Error - 25.06.2012 12:43:51 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 26.06.2012 02:28:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 26.06.2012 08:59:26 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 26.06.2012 11:35:46 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 27.06.2012 01:59:28 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 27.06.2012 11:13:08 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 28.06.2012 13:50:38 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.06.2012 03:04:29 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.06.2012 12:29:23 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 30.06.2012 06:27:36 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report >
In addition, I ran scans with Bitdefender, ClamAV, Kaspersky Anti-Virus and, once again, Avira AntiVir from a Desinfec't live DVD. The only result was that ClamAV found "Heuristics.Phishing.Email.SpoofedDomain" in Benutzer/***/AppData/Roaming/Thunderbird/Profile/b9uext58.default/mail/localfolder/Outlook Express Import/Gelöschte Objekte
Am I right in understanding that the latter is "only" an e-mail that would redirect to a phishing site if one clicked the link in it (which I did not do), that it cannot do anything by itself if one simply deletes it (as I did), and that it can now be deleted permanently and forgotten (as I still should do)? I would appreciate an assessment of my situation and of the recommended course of action. Thanks in advance in any case. |
01.07.2012, 06:18 | #2 | ||||
/// Helper team | Exploits EXP/0507.BY.3, EXP/5353.AJ.4.B, EXP/2012-0507.AW.2 and JAVA/Dldr.Lama.AE.2 found Hello and a warm welcome!
Before we begin working together, [please read in full]: Quote:
Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! 1. Quote:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\..\SearchScopes,DefaultScope = {54BC6F81-02AA-4f39-8246-89FC41CB0474}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{143AC29E-6423-433c-9326-ED1FF924D0B3}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{54BC6F81-02AA-4f39-8246-89FC41CB0474}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:
3. Run another scan with OTL:
Quote:
** If possible, do not go online: no online banking, file sharing, chat programs, etc. Regards, kira
__________________ |
01.07.2012, 10:55 | #3 |
| Exploits EXP/0507.BY.3, EXP/5353.AJ.4.B, EXP/2012-0507.AW.2 and JAVA/Dldr.Lama.AE.2 found Thank you, Kira, for the reply and the instructions (which I hope I am following correctly).
Here is the log after the OTL fix: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{143AC29E-6423-433c-9326-ED1FF924D0B3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{143AC29E-6423-433c-9326-ED1FF924D0B3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54BC6F81-02AA-4f39-8246-89FC41CB0474}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54BC6F81-02AA-4f39-8246-89FC41CB0474}\ not found. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\***\Desktop\cmd.bat deleted successfully. C:\Users\***\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: XXX ->Temp folder emptied: 70739553 bytes ->Temporary Internet Files folder emptied: 118869725 bytes ->Java cache emptied: 4812 bytes ->FireFox cache emptied: 321713604 bytes ->Flash cache emptied: 26069 bytes User: *** ->Temp folder emptied: 54374437 bytes ->Temporary Internet Files folder emptied: 69111375 bytes ->Java cache emptied: 1733325 bytes ->FireFox cache emptied: 367417079 bytes ->Flash cache emptied: 15949 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 233583193 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder 
emptied: 50434 bytes RecycleBin emptied: 11079013204 bytes Total Files Cleaned = 11.746,00 mb OTL by OldTimer - Version 3.2.53.0 log created on 07012012_110558 Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... Code:
ATTFilter 100,000 Deluxe Graphics Pack 02.05.2011 7-Zip 9.20 12.06.2011 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 20.06.2012 6,00MB 11.3.300.262 Adobe Reader 9.4.6 Adobe Systems Incorporated 21.09.2011 144,1MB 9.4.6 aonFTP Telekom Austria TA AG 07.05.2011 aonUpdate Telekom Austria TA AG 07.05.2011 Ashampoo Burning Studio Elements 10.0.4 ashampoo GmbH & Co. KG 28.04.2011 157,7MB 3.1.1 ATI Catalyst Install Manager ATI Technologies, Inc. 13.04.2011 3.0.816.0 Audacity 1.2.6 06.05.2011 Avira Free Antivirus Avira 07.05.2012 104,9MB 12.0.0.1125 BioShock 2K Games 10.05.2011 2.62.0000 Browser Configuration Utility DeviceVM Inc. 12.04.2011 2,98MB 1.1.18.0 CCleaner Piriform 23.05.2011 2.28 Compatibility Pack für 2007 Office System Microsoft Corporation 24.05.2011 68,0MB 12.0.6514.5001 Controller Telekom Austria TA AG 07.05.2011 CPUID CPU-Z 1.57 27.04.2011 EasyBCD 2.0 NeoSmart Technologies 29.04.2011 2.0 EasySaver B9.1214.1 Gigabyte 13.04.2011 1.00.0000 Fallout 3 Bethesda Softworks 14.06.2011 1.00.0000 Fallout 3 - The Garden of Eden Creation Kit Bethesda Softworks 11.07.2011 1.00.0000 Finale 2002 06.05.2011 Free Studio version 4.8 DVDVideoSoft Limited. 13.05.2011 145,8MB Gigabyte Raid Configurer GIGABYTE Technologies, Inc. 
12.04.2011 1.00.0001 GIMP 02.05.2011 Harvard Designer 02.05.2011 Harvard Designer Inhalts-CD-ROM 02.05.2011 Highspeed-Internet-Installation Telekom Austria TA AG 07.05.2011 Java 2 Runtime Environment Standard Edition v1.3.1 21.05.2011 Java(TM) 7 Update 4 Oracle 22.05.2012 99,3MB 7.0.40 JavaFX 2.1.0 Oracle Corporation 22.05.2012 20,9MB 2.1.0 Logitech SetPoint 6.22 Logitech 12.04.2011 6.22.24 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 25.06.2012 18,0MB 1.61.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.04.2011 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.04.2011 4.0.30319 Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 11.06.2011 33,5MB 3.0.19.0 Microsoft Office 2000 Professional Microsoft Corporation 06.05.2011 152,0MB 9.00.2816 Microsoft Office Word Viewer 2003 Microsoft Corporation 24.05.2011 26,7MB 11.0.8173.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10.05.2011 0,42MB 8.0.56336 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 14.05.2011 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.05.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 13.04.2011 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2011 11,1MB 10.0.40219 Mozilla Firefox 12.0 (x86 de) Mozilla 05.05.2012 43,9MB 12.0 Mozilla Firefox 5.0 (x86 de) Mozilla 20.06.2011 31,2MB 5.0 Mozilla Thunderbird (3.1.10) Mozilla 07.05.2011 3.1.10 (de) Mozilla Thunderbird 13.0.1 (x86 de) Mozilla 29.06.2012 62,4MB 13.0.1 NEC Electronics USB 3.0 Host Controller Driver NEC Electronics Corporation 12.04.2011 0,97MB 1.0.18.0 Netscape 6 (6.2) 21.05.2011 ON_OFF Charge B10.0427.1 GIGABYTE 12.04.2011 1.00.0001 oZone3D.Net FurMark v1.8.2 oZone3D.Net 12.04.2011 3,91MB PDFCreator Frank 
Heindörfer, Philip Chinery 23.05.2011 0.9.9 PhotoResampling 9.2 24.05.2011 Realtek Ethernet Controller Driver For Windows 7 Realtek 12.04.2011 7.18.322.2010 Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 12.04.2011 6.0.1.6034 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12.04.2011 6.0.1.6083 Sandboxie 3.72 (64-bit) SANDBOXIE L.T.D 12.04.2011 3.72 Security Task Manager 1.8c Neuber Software 27.05.2011 1.8c SILENT HILL 3 Konami Computer Entertainment Tokyo, Inc. 03.05.2011 4.971,0MB 1.00.0000 Sony PC Companion 2.10.065 Sony 29.05.2012 19,3MB 2.10.065 TOPP Vorlagen-Druckstudio (5578) frechverlag GmbH 24.04.2012 16,4MB Uninstall 1.0.0.1 13.05.2011 10,6MB Windows Media Player Firefox Plugin Microsoft Corp 24.09.2011 0,29MB 1.0.0.8 Code:
ATTFilter OTL logfile created on: 01.07.2012 11:44:12 - Run 3 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,55% Memory free 7,99 Gb Paging File | 6,36 Gb Available in Paging File | 79,59% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 90,34 Gb Total Space | 61,12 Gb Free Space | 67,65% Space Free | Partition Type: NTFS Drive E: | 325,03 Gb Total Space | 244,96 Gb Free Space | 75,36% Space Free | Partition Type: NTFS Drive F: | 50,29 Gb Total Space | 40,53 Gb Free Space | 80,59% Space Free | Partition Type: NTFS Drive X: | 100,00 Mb Total Space | 69,54 Mb Free Space | 69,54% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.30 12:52:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.06.16 13:57:54 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.08 20:40:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:39:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 20:39:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.12 10:56:46 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.04.11 15:47:44 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.16 13:57:54 | 002,042,848 | ---- | M] () -- E:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.04.11 15:47:44 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.03 12:30:52 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011.11.23 18:38:58 | 000,205,824 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.03.09 06:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.03.09 01:06:44 | 
000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2012.06.17 09:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.05.08 20:40:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 20:39:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.0) DRV:64bit: - [2012.05.08 20:40:01 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 20:40:01 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.03.09 06:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.19 17:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.04.27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.03.01 11:43:14 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:64bit: - [2010.03.01 11:43:14 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:64bit: - [2010.03.01 11:43:12 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV:64bit: - [2010.03.01 11:43:12 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2010.03.01 11:43:12 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV:64bit: - [2010.03.01 11:43:10 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:64bit: - [2010.03.01 11:43:02 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) 
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2012.07.01 11:08:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.06.17 09:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.telekom.at IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.06.16 13:57:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.09.25 12:35:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012.06.30 12:35:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape 6\Components [2011.05.22 16:39:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape 6\Plugins [2011.06.19 18:26:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.06.16 13:57:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.09.25 12:35:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012.06.30 12:35:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape 6\Components [2011.05.22 16:39:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape 6\Plugins [2011.06.19 18:26:07 | 000,000,000 | 
---D | M] [2011.05.08 19:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.05.08 19:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.03 15:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61wt66de.default\extensions [2011.05.14 21:39:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61wt66de.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131-win.cab (Java Plug-in 1.3.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C3B794-4A57-4B5A-8F3C-989A18E1C36E}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.30 16:55:58 | 000,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.01 11:05:58 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.30 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2012.06.30 18:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie [2012.06.30 16:49:51 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.23 09:25:16 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 09:25:16 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 09:25:16 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 09:25:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 09:25:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 09:25:06 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 09:24:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 09:24:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.21 
17:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.06.13 23:38:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.13 23:38:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 23:38:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 23:38:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 23:38:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 23:38:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 23:38:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 23:38:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 23:38:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 23:38:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 23:38:05 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 23:38:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 23:38:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 22:17:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 22:17:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 22:17:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 22:17:04 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 22:17:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe 
[2012.06.13 22:17:04 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 22:17:00 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 22:16:55 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 22:16:55 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll ========== Files - Modified Within 30 Days ========== [2012.07.01 11:15:29 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 11:15:29 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 11:12:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.01 11:12:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.01 11:12:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.01 11:12:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.01 11:12:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.01 11:08:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012.07.01 11:08:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.01 11:08:07 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys [2012.07.01 10:24:27 | 000,001,844 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.06.30 18:03:25 | 000,000,923 | ---- | M] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2012.06.30 12:52:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.26 17:33:31 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.21 15:51:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.21 
15:51:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.14 15:27:54 | 000,351,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe ========== Files Created - No Company Name ========== [2012.06.30 18:03:33 | 000,000,923 | ---- | C] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2012.06.30 18:03:31 | 000,001,844 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.05.25 11:54:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll [2011.05.22 16:39:45 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.22 16:38:47 | 000,083,088 | ---- | C] () -- C:\Windows\N6Uninst.exe [2011.05.22 16:38:46 | 000,006,786 | ---- | C] () -- C:\Windows\mozver.dat [2011.05.20 20:54:07 | 000,000,796 | ---- | C] () -- C:\Users\***\SilentHill.lnk [2011.05.20 20:52:40 | 000,000,789 | ---- | C] () -- C:\Users\***\Labyrinth.lnk [2011.05.20 20:49:08 | 000,000,803 | ---- | C] () -- C:\Users\***\Geschichten.lnk [2011.05.11 23:59:00 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.05.07 17:44:52 | 000,000,403 | ---- | C] () -- 
C:\Windows\ODBC.INI
[2011.04.13 14:59:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.13 14:13:50 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011.04.13 14:09:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011.05.08 19:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.05.21 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock
[2011.05.14 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.14 21:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.05.08 21:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2011.05.08 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.06.14 15:28:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 01.07.2012 11:44:12 - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,55% Memory free
7,99 Gb Paging File | 6,36 Gb Available in Paging File | 79,59% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,34 Gb Total Space | 61,12 Gb Free Space | 67,65% Space Free | Partition Type: NTFS
Drive E: | 325,03 Gb Total Space | 244,96 Gb Free Space | 75,36% Space Free | Partition Type: NTFS
Drive F: | 50,29 Gb Total Space | 40,53 Gb Free Space | 80,59% Space Free | Partition Type: NTFS
Drive X: | 100,00 Mb Total Space | 69,54 Mb Free Space | 69,54% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1ED1FF88-E802-4E5B-B648-7881D9E13179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2445CE4B-DED2-430E-957C-D2F751D11CC3}" = lport=137 | protocol=17 | dir=in | app=system | "{24992CE8-DE47-4314-A722-FDB7632C7799}" = rport=137 | protocol=17 | dir=out | app=system | "{3011CD83-4079-4D6D-B8AF-764DBF6C5554}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30ED4F55-6AAC-4A4A-9EC3-865E0F114447}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37B40849-4CB8-4EA9-B2D3-BD255413BC66}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3949080B-B3D7-4235-9002-CD5D486370C5}" = lport=2869 | protocol=6 | dir=in | app=system | "{3B176817-AC78-4E8E-8B48-A7525F8564D6}" = rport=139 | protocol=6 | dir=out | app=system | "{3FF09ECC-B21B-4310-BEFC-66ED4EE4C072}" = rport=10243 | protocol=6 | dir=out | app=system | "{62C4ACFE-87FE-49BE-BEF0-BFAF5E32EEF2}" = lport=10243 | protocol=6 | dir=in | app=system | "{6E57144A-E29D-4691-9992-055DAA1DBBA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79F4EECE-451C-4AF7-B6CA-9A965F7989C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{888281AC-A511-401A-9471-0954DACB5ECE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A550615F-41DD-4929-BAA0-E37DCB34BE2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A787899A-6F2F-437E-8968-440F13EC055B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B0D1F9A2-2221-4C28-88DC-EB5BA6A7D564}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4CDBD0A-B1E3-4F97-B473-DFC60222EE06}" = rport=445 | protocol=6 | dir=out | app=system | "{C4ECC865-C84C-4B4E-83CF-187473D6A734}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0CB8D0C-8AA5-4E8C-8135-42453AAF4105}" = rport=138 | protocol=17 | dir=out | app=system | "{DB17FA54-C2D3-4E58-A1EC-72912BD05217}" = lport=139 | protocol=6 | dir=in | app=system | "{F5645080-D324-4877-88DF-92B1AA5F5E67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F65D899A-697C-44CC-B474-4FEFD21363AD}" = lport=445 | protocol=6 | dir=in | app=system | "{F71A61E0-3816-4D2D-BE9D-9CEC67A410AD}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{162D2528-5793-4334-8503-844AD872AD6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{169C5B25-0F80-49D7-9FCC-086E6CA64AEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25FB6C90-A617-4EBB-AD3A-E561BB3EFCE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{45334A87-32CD-4925-AC46-7F06746752F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{48882B69-E8D2-409F-9707-1DBF21E629BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{533A7F44-3924-48E6-8DA5-679367B647B5}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{65DBA613-B0BA-416F-BD13-CA358EA8CF7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{738D80A4-8BF5-4ADD-95EB-41BA627ECE5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74867FE8-535D-4971-A416-8FB02A6F2A63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7E630166-9399-42DF-8D0A-0FD9562F6DE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8C2570CD-F64D-4F27-A4D6-B8A1498BBD7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{90056150-86BA-4B7B-BA5F-EFEBB775D4FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9586A4C2-2758-4213-A758-8E4C336B0762}" = protocol=6 | dir=out | app=system | "{AC4DB314-1262-46DB-94F4-3BB292161B3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B5417DA0-8BB7-4143-9FA4-655CC4A9DE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{C1D8A5B6-4EAA-46ED-9ADC-ACEE2D2BDE9F}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | "{C24280E8-A1B6-4FF5-917C-A53B6891E9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{C5A60252-6805-40FD-887A-59CE307909B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C811D16D-DD9D-49C8-A4A3-23DD039FFD75}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{CE89BCCF-75A2-4FB6-8525-E91B8C745026}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D4775E10-05E8-4070-9D42-8EF0AA5E5BC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC791A1A-379A-4BCA-9C70-DBF5D54EB93C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FFE83A6D-3267-481B-A313-DC4488B58092}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{AF1DCDE2-2AB1-4BA9-B246-57F86AD829CE}E:\programme\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=e:\programme\mozilla firefox\plugin-container.exe | "UDP Query User{3672482C-2550-4D89-AB98-834FD6ED51CD}E:\programme\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=e:\programme\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback "{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5F143175-13D3-5AE8-5AE9-262C6D60F994}" = AMD Fuel "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding "{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sandboxie" = Sandboxie 3.72 (64-bit) "sp6" = Logitech SetPoint 6.22 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin 
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{810FB87E-B3F8-40E2-B1CD-0B138EE896A2}_is1" = TOPP Vorlagen-Druckstudio (5578) "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6 "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit "{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy "100,000 Deluxe Graphics Pack" = 100,000 Deluxe Graphics Pack "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aonFTP" = aonFTP "aonUpdate" = aonUpdate "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.4 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Controller" = Controller "EasyBCD" = EasyBCD 2.0 "Finale 2002" = Finale 2002 
"Free Studio_is1" = Free Studio version 4.8 "GIMP" = GIMP "Harvard Designer Inhalts-CD-ROM" = Harvard Designer Inhalts-CD-ROM "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "Netscape 6 (6.2)" = Netscape 6 (6.2) "PhotoResampling_is1" = PhotoResampling 9.2 "Security Task Manager" = Security Task Manager 1.8c "SPCHDesigner40" = Harvard Designer "Uninstall_is1" = Uninstall 1.0.0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.06.2012 13:52:09 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 29.06.2012 03:06:02 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 29.06.2012 12:30:56 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 06:28:40 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 06:49:45 | Computer Name = User-PC | Source = VSS | ID = 12310 Description = Error - 30.06.2012 06:49:45 | Computer Name = User-PC | Source = VSS | ID = 12298 Description = Error - 30.06.2012 11:41:02 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 11:51:49 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 01.07.2012 04:15:22 | Computer 
Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 01.07.2012 05:10:00 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.06.2012 01:59:28 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 27.06.2012 11:13:08 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 28.06.2012 13:50:38 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.06.2012 03:04:29 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.06.2012 12:29:23 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 30.06.2012 06:27:36 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 30.06.2012 11:39:29 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 30.06.2012 11:50:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 01.07.2012 04:13:48 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 01.07.2012 05:08:26 | Computer Name = User-PC | Source = 
Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
02.07.2012, 07:48 | #4 | |
/// Helper team | Exploits EXP/0507.BY.3, EXP/5353.AJ.4.B, EXP/2012-0507.AW.2 or JAVA/Dldr.Lama.AE.2 found
System cleanup and check:
1. Your Java version is out of date! Because of old security vulnerabilities, Java is very susceptible, so first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → now download the offline version of Java, "Recommended version Java(TM) 7 Update 4", for 64-bit: Java(TM) 7 Update 4 - from Oracle. Make sure to deselect any toolbars that may be offered (remove the check mark for the toolbar)!
2. Update Adobe Reader: - Pay attention and read along during the installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader. Or: start Adobe -> go to "Help" -> "Check for updates..."
3. Update: -> Mozilla Firefox -> Help -> via the Help menu -> "About Firefox"
4. Quote:
✏ Tip: For a better overview of running applications and processes and for watching CPU activity, I can also recommend, from my own experience, -> Process Explorer by Mark Russinovich
5. Tips (regardless of whether you use Internet Explorer or not!): -> Tips for Internet Explorer -> Change the Explorer's default search engine -> How can I clear the cache in Internet Explorer?
6. Clean your system with CCleaner:
7.
8. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, it is very suitable and recommended to check the data stored on the storage medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - You can also switch off the AUTORUN function altogether. ►Instructions
9. -> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanner. Attention!: >>You should not install the antivirus security software, but only scan your system online<<
10. Run another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment, ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different places! Please pass this warning on wherever you can! |
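The version check behind steps 1 to 3 can be run against the uninstall list itself. The following is an added example, not part of the helper's post and not code from OTL: it reads an OTL uninstall list and reports installed versions of commonly exploited client software. The sample entries are copied from the log earlier in this thread and laid out one per line; the watchlist, the function names and the use of Java 7 Update 4 (1.7.0_04) as the only baseline are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the uninstall list posted in this
# thread, one per line (assumed to be the tool's native layout).
SAMPLE_LOG = r'''
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
'''

# Assumed watchlist: internet-facing client software named in this thread.
WATCHLIST = {
    "Java": re.compile(r"\bJava\b", re.I),
    "Adobe Reader": re.compile(r"\bAdobe Reader\b", re.I),
    "Adobe Flash Player": re.compile(r"\bAdobe Flash Player\b", re.I),
    "Mozilla Firefox": re.compile(r"\bMozilla Firefox\b", re.I),
    "Mozilla Thunderbird": re.compile(r"\bMozilla Thunderbird\b", re.I),
}

# The only target version stated in the thread: Java 7 Update 4 = 1.7.0_04.
BASELINES = {"Java": (1, 7, 0, 4)}

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
HIVE_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\")
UPDATE_RE = re.compile(r"\b(\d+)\s+Update\s+(\d+)\b", re.I)
# A version token must not be glued to letters, so "x86" is not a version.
VERSION_RE = re.compile(r"(?<![A-Za-z0-9.])v?(\d+(?:\.\d+)*)(?![A-Za-z0-9])")


def parse_uninstall_entries(text):
    """Return (hive, registry key, display name) for every uninstall entry."""
    hive = "unknown"  # until a [HKEY_...] header line has been seen
    entries = []
    for line in text.splitlines():
        line = line.strip()
        header = HIVE_RE.match(line)
        if header:
            hive = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append((hive, entry.group("key"), entry.group("name")))
    return entries


def extract_version(family, name):
    """Turn a display name into a comparable tuple, or None if it has no version."""
    if family == "Java":
        update = UPDATE_RE.search(name)
        if update:  # "Java(TM) 7 Update 4" is version 1.7.0_04
            return (1, int(update.group(1)), 0, int(update.group(2)))
    tokens = VERSION_RE.findall(name)
    if not tokens:
        return None
    # The last token is the version: "Java 2 ... v1.3.1" -> (1, 3, 1)
    return tuple(int(part) for part in tokens[-1].split("."))


def triage(text, baselines=BASELINES):
    """Group watchlisted products by family and say why each needs attention."""
    by_family = defaultdict(list)
    for hive, _key, name in parse_uninstall_entries(text):
        for family, pattern in WATCHLIST.items():
            if pattern.search(name):
                by_family[family].append((extract_version(family, name), hive))
                break
    findings = {}
    for family, items in by_family.items():
        versions = sorted({v for v, _hive in items if v is not None})
        floor = baselines.get(family)
        reasons = []
        if floor and any(v < floor for v in versions):
            reasons.append("below baseline " + ".".join(map(str, floor)))
        if len(versions) > 1:
            reasons.append("multiple versions installed")
        if not floor:
            reasons.append("no baseline on record, check vendor release")
        findings[family] = {"versions": versions, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for family, info in sorted(triage(SAMPLE_LOG).items()):
        shown = ", ".join(".".join(map(str, v)) for v in info["versions"])
        print(f"{family}: {shown} -> {'; '.join(info['reasons']) or 'ok'}")
```

Two versions of the same product in the list often mean a stale uninstall entry rather than two working installs, so confirm on disk before treating the older one as present.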
02.07.2012, 22:27 | #5 | |
| Exploits EXP/0507.BY.3, EXP/5353.AJ.4.B, EXP/2012-0507.AW.2 or JAVA/Dldr.Lama.AE.2 found Unfortunately I only got as far as step 7. Quote:
Maybe you can still make something of the log for now: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/02/2012 at 10:47 PM

Application Version : 5.5.1006

Core Rules Database Version : 8832
Trace Rules Database Version: 6644

Scan type : Complete Scan
Total Scan Time : 00:54:17

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 66558
Registry threats detected : 0
File items scanned : 66632
File threats detected : 616

Adware.Tracking Cookie
C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\T1H60LH1.txt [ Cookie:XXX@zanox.com/ ]
C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\2ZXP1FWJ.txt [ Cookie:XXX@apmebf.com/ ]
C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\FLVH0Z1G.txt [ Cookie:XXX@smartadserver.com/ ]
C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\XXX@adx.chip[2].txt [ Cookie:XXX@adx.chip.de/ ]
C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\T8IAXLPU.txt [ Cookie:XXX@doubleclick.net/ ]
C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\NVWSVGDN.txt [ Cookie:XXX@ad.zanox.com/ ]
C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\C0Z6FY9W.txt [ Cookie:XXX@atdmt.com/ ]
C:\USERS\XXX\Cookies\T1H60LH1.txt [ Cookie:XXX@zanox.com/ ]
C:\USERS\XXX\Cookies\2ZXP1FWJ.txt [ Cookie:XXX@apmebf.com/ ]
C:\USERS\XXX\Cookies\FLVH0Z1G.txt [ Cookie:XXX@smartadserver.com/ ]
C:\USERS\XXX\Cookies\XXX@adx.chip[2].txt [ Cookie:XXX@adx.chip.de/ ]
C:\USERS\XXX\Cookies\T8IAXLPU.txt [ Cookie:XXX@doubleclick.net/ ]
C:\USERS\XXX\Cookies\NVWSVGDN.txt [ Cookie:XXX@ad.zanox.com/ ]
C:\USERS\XXX\Cookies\C0Z6FY9W.txt [ Cookie:XXX@atdmt.com/ ]
.xiti.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ 
C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] stat.aldi.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ 
C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .lfstmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ww251.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ 
C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .xiti.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .kontera.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] track.effiliation.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .a.revenuemax.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .guj.122.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] 
.adxpose.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .ru4.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .neckermannde.122.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] counter.search.bg [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.eduscho.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] stat.fratz.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] dc.tremormedia.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] 
.imrworldwide.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .edsa.122.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tracking.3gnet.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] eas.apm.emediate.eu [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ads20.wwe-media.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .secmedia.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .moviepilot.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .liveperson.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .harrenmedianetwork.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .mm.chitika.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .nbcwidget.clientmediaserver.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] stats.garimediagroup.com.re.getclicky.com [ 
C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .interclick.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .getclicky.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .static.getclicky.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] in.getclicky.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .findmyhome.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .overture.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .overture.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.sim-technik.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .sevenoneintermedia.112.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .lfstmedia.com [ 
C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adserver.adtechus.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adcentriconline.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .yieldmanager.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .ero-advertising.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .gostats.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] track.webtrekk.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .snapfish.112.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ads.adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ads.adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] 
ads.adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ads.adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.tchibo.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] adserver.adreactor.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tradefx.advertserve.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] studivz.adfarm1.adition.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .pro-market.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .accounts.google.com [ 
C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] banner.lv.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .lfstmedia.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.mixxt.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .getitgmbh.122.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adviva.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .droetker.122.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.jobmedia.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .stepstone.112.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ 
C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .xxxlutz.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .xxxlutz.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .weborama.fr [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .docfinder.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .docfinder.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .technoratimedia.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .technoratimedia.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .foxfilmedentertainment.122.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .ru4.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.maxfunadserver.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] 
.server.cpmstar.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] fl01.ct2.comclick.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .eaeacom.112.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] banner.electronic-arts.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .ads20.wwe-media.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .ads20.wwe-media.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .bravenet.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] livestat.derstandard.at [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adultfriendfinder.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .adultfriendfinder.com [ 
C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ox-d.rdmedia.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .plandeutschland.122.2o7.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .e-2dj6wnl4ooczagq.stats.esomniture.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .shinystat.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .urbia.wwe-media.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .urbia.wwe-media.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .urbia.wwe-media.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ 
C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .etargetnet.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] eas4.emediate.eu [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] delivery.way2traffic.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] delivery.way2traffic.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] delivery.way2traffic.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] delivery.way2traffic.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] delivery.way2traffic.com [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .weborama.fr [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] .ads20.wwe-media.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\SANDBOX\XXX\DEFAULTBOX\USER\CURRENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EU78Z50F.DEFAULT\COOKIES.SQLITE ] stats.greenpeace.at [ 
Trojan.Agent/Gen-Chifrax
F:\SYSTEM VOLUME INFORMATION\_RESTORE{4E36CC04-50F4-409C-AA1A-C50911885241}\RP3\A0008264.DLL
F:\SYSTEM VOLUME INFORMATION\_RESTORE{4E36CC04-50F4-409C-AA1A-C50911885241}\RP3\A0009658.EXE
F:\WINDOWS\$NTSERVICEPACKUNINSTALL$\WEXTRACT.EXE
Trojan.Agent/Gen-Refroso
F:\WINDOWS\SERVICEPACKFILES\I386\WEXTRACT.EXE
F:\WINDOWS\SYSTEM32\WEXTRACT.EXE |
03.07.2012, 09:05 | #6 |
/// Helper team | File check
Have the following file(s) (see code box) checked online at VirusTotal.
► File(s) to check: Code:
F:\WINDOWS\SYSTEM32\WEXTRACT.EXE
► Example: the log file from VirusTotal that you post should look like the one here. So do not leave anything out, but copy it in exactly as you receive it: scan results together with the file name! Code:
Datei
File name: <the file name goes here>
Submission date: 2010-10-22 03:34:01 (UTC)
Current status: queued queued analysing finished
Result: .....%
VT Community goodware/badware
Safety score: 100.0%
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.22.00 2010.10.21 -
AntiVir 7.10.13.15 2010.10.21 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 -
Avast 4.8.1351.0 2010.10.21 -
Avast5 5.0.594.0 2010.10.21 -
etc. ... checked by more than 40 online virus scanners, so be patient!! |
03.07.2012, 18:40 | #7 |
| Okay, here is the result from VirusTotal (the "2" and "0" after "Analysis Date" mean that it was rated harmful by zero users and harmless by two; the accompanying graphic cannot be copied along with it): Code:
VirusTotal
SHA256: 2fe325ef0bf2f43dc50899c49e916554fd1c86279cc7ad39efaa1a7743331f5d
SHA1: d191af1a363ab7534ed78e1202dcfe1b8651fd2e
MD5: e80f82021bcc115719f594fd1d5ca878
File size: 65.5 KB ( 67072 bytes )
File name: wextract.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-07-03 15:01:15 UTC ( 0 Minuten ago )
2 0
More details
Antivirus Result Update
AhnLab-V3 - 20120702
AntiVir - 20120703
Antiy-AVL - 20120703
Avast - 20120703
AVG - 20120703
BitDefender - 20120703
ByteHero - 20120626
CAT-QuickHeal - 20120703
ClamAV - 20120703
Commtouch - 20120703
Comodo - 20120703
DrWeb - 20120703
Emsisoft - 20120703
eSafe - 20120702
F-Prot - 20120703
F-Secure - 20120703
Fortinet - 20120703
GData - 20120703
Ikarus - 20120703
Jiangmin - 20120703
K7AntiVirus - 20120702
Kaspersky - 20120703
McAfee - 20120703
McAfee-GW-Edition - 20120702
Microsoft - 20120703
NOD32 - 20120703
Norman - 20120703
nProtect - 20120703
Panda - 20120703
PCTools - 20120703
Rising - 20120703
Sophos - 20120703
SUPERAntiSpyware - 20120703
Symantec - 20120703
TheHacker - 20120702
TotalDefense - 20120629
TrendMicro - 20120703
TrendMicro-HouseCall - 20120703
VBA32 - 20120702
VIPRE - 20120703
ViRobot - 20120703
VirusBuster - 20120703
Comments Votes Additional information
No comments
Code:
ssdeep
1536:G5GJEhlcbW5sk1BlfLvveIbXWm+nwN6JRs5gtZNhAY8fjoegdeDXD5:8Gu9BlfzWIbXWm+w0J+5sNhAY88tderl
TrID
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ExifTool
UninitializedDataSize....: 0
InitializedDataSize......: 26624
ImageVersion.............: 5.1
ProductName..............: Betriebssystem Microsoft Windows
FileVersionNumber........: 6.0.2900.5512
LanguageCode.............: German
FileFlagsMask............: 0x003f
FileDescription..........: Win32 Cabinet Self-Extractor
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 6.00.2900.5512 (xpsp.080413-2105)
TimeStamp................: 2008:04:13 20:32:45+02:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: Wextract
ProductVersion...........: 6.00.2900.5512
SubsystemVersion.........: 4.0
OSVersion................: 5.1
OriginalFilename.........: WEXTRACT.EXE
LegalCopyright...........: Microsoft Corporation. Alle Rechte vorbehalten.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 39424
FileSubtype..............: 0
ProductVersionNumber.....: 6.0.2900.5512
Warning..................: Possibly corrupt Version resource
EntryPoint...............: 0x645c
ObjectFileType...........: Executable application
Sigcheck
publisher................: Microsoft Corporation
product..................: Betriebssystem Microsoft_ Windows_
internal name............: Wextract
copyright................: (c) Microsoft Corporation. Alle Rechte vorbehalten.
original name............: WEXTRACT.EXE
file version.............: 6.00.2900.5512 (xpsp.080413-2105)
description..............: Win32 Cabinet Self-Extractor
Portable Executable structural information
Compilation timedatestamp.....: 2008-04-13 18:32:45
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0000645C
PE Sections...................:
Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 39368 39424 6.58 87fe10d9dbd6b4e42fc70a9a4ecaa575
.data 45056 7140 1024 4.25 99858e86526942a66950c7139f78a725
.rsrc 53248 25564 25600 3.98 614137ed8cef986b77c54d4babbcce1f
PE Imports....................:
VERSION.dll
GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
GDI32.dll
GetDeviceCaps
KERNEL32.dll
LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, lstrlenA, GetModuleFileNameA, GetSystemDirectoryA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, lstrcpyA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, FreeResource, GetProcAddress, LoadResource, SizeofResource, FindResourceA, lstrcatA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, LockResource
ADVAPI32.dll
FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
USER32.dll
ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
COMCTL32.dll
PE Exports....................:
Symantec Reputation
Suspicious.Insight
First seen by VirusTotal
2008-10-07 08:45:09 UTC ( 3 Jahre, 9 Monate ago )
Last seen by VirusTotal
2012-07-03 15:01:15 UTC ( 15 Minuten ago )
File names (max. 25)
C:\WINDOWS\system32\wextract.exe
wextract.exe
WEXTRACT.EXE
wextract.exe.virus
file-3323700_exe
wextract.exe.2virus
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7987c9fdd60f764ba101b953d1032b80
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 04:53:41
# local_time=2012-07-03 06:53:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22458019 22458019 0 0
# compatibility_mode=5893 16776573 100 94 3146 92961028 0 0
# compatibility_mode=8192 67108863 100 0 316 316 0 0
# scanned=171110
# found=2
# cleaned=2
# scan_time=3242
C:\Sandbox\***\DefaultBox\user\current\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\701544da-4d7eda35 Java/Exploit.CVE-2012-0507.CH trojan (deleted - quarantined) 00000000000000000000000000000000 C
K:\NISAM\normalan.exe a variant of Win32/Peerfrag.GH worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
The new OTL scan as per point 10: Code:
ATTFilter OTL logfile created on: 03.07.2012 19:23:29 - Run 4 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 49,31% Memory free 7,99 Gb Paging File | 5,10 Gb Available in Paging File | 63,81% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 90,34 Gb Total Space | 60,28 Gb Free Space | 66,72% Space Free | Partition Type: NTFS Drive E: | 325,03 Gb Total Space | 244,92 Gb Free Space | 75,35% Space Free | Partition Type: NTFS Drive F: | 50,29 Gb Total Space | 40,53 Gb Free Space | 80,59% Space Free | Partition Type: NTFS Drive K: | 3,72 Gb Total Space | 1,14 Gb Free Space | 30,51% Space Free | Partition Type: FAT32 Drive L: | 124,72 Mb Total Space | 32,09 Mb Free Space | 25,73% Space Free | Partition Type: FAT Drive M: | 465,76 Gb Total Space | 398,97 Gb Free Space | 85,66% Space Free | Partition Type: NTFS Drive N: | 3,76 Gb Total Space | 3,76 Gb Free Space | 99,95% Space Free | Partition Type: FAT32 Drive X: | 100,00 Mb Total Space | 69,54 Mb Free Space | 69,54% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.30 12:52:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.06.16 13:57:54 | 000,913,888 | ---- | M] (Mozilla Corporation) -- E:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.05.08 20:40:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:39:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 20:39:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) 
-- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.16 13:57:54 | 002,042,848 | ---- | M] () -- E:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.03.09 06:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.03.09 01:06:44 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2012.06.17 09:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.05.08 20:40:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 20:39:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.0) DRV:64bit: - [2012.05.08 20:40:01 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 20:40:01 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.03.09 06:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.19 17:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010.04.27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.03.01 11:43:14 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:64bit: - [2010.03.01 11:43:14 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:64bit: - [2010.03.01 11:43:12 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) DRV:64bit: - [2010.03.01 11:43:12 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2010.03.01 11:43:12 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) DRV:64bit: - [2010.03.01 11:43:10 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:64bit: - [2010.03.01 11:43:02 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) 
DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.07 12:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.10.07 12:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2012.07.03 16:08:46 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012.06.17 09:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.telekom.at IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {26D1BEA2-3695-4210-8721-712C0667B53B} IE - HKCU\..\SearchScopes\{22B2A9EE-E843-4dca-A9DA-ED91D20FDF83}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKCU\..\SearchScopes\{26D1BEA2-3695-4210-8721-712C0667B53B}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKCU\..\SearchScopes\{8FB5B937-2C81-4847-9802-C78AC31F2B99}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe 
Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.06.16 13:57:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2012.07.02 20:36:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012.06.30 12:35:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape 6\Components [2011.05.22 16:39:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 6 6.2\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape 6\Plugins [2012.07.02 20:36:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2012.06.16 13:57:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2012.07.02 20:36:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012.06.30 12:35:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2\Extensions\\Components: C:\Program Files (x86)\Netscape\Netscape 6\Components [2011.05.22 16:39:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Netscape 6 6.2\Extensions\\Plugins: C:\Program Files (x86)\Netscape\Netscape 6\Plugins [2012.07.02 20:36:13 | 
000,000,000 | ---D | M] [2011.05.08 19:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.05.08 19:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.03 15:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61wt66de.default\extensions [2011.05.14 21:39:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\61wt66de.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) 
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25C3B794-4A57-4B5A-8F3C-989A18E1C36E}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - 
C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.03.28 15:43:20 | 000,000,000 | ---D | M] - L:\Autorun von Externer -- [ FAT ] O32 - AutoRun File - [2011.04.30 16:55:58 | 000,000,000 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.03 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.07.02 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2012.07.02 21:23:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.07.02 21:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.07.02 21:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.07.02 21:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.07.02 21:19:10 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.07.02 21:18:52 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.07.02 21:18:52 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.07.02 21:08:31 | 000,000,000 | ---D | C] -- E:\***\Eigene Dokumente\Gesicherte RegistryÄnderungen [2012.07.02 20:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.07.02 20:32:28 | 000,000,000 | ---D 
| C] -- C:\Program Files (x86)\Java [2012.07.02 20:31:20 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.07.02 20:31:20 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.07.02 20:31:20 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.07.02 20:31:16 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.07.02 20:31:16 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.07.02 20:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.07.01 11:05:58 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.30 18:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2012.06.30 18:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie [2012.06.30 16:49:51 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.23 09:25:16 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.23 09:25:16 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.23 09:25:16 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.23 09:25:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.23 09:25:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.23 09:25:06 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.23 09:24:59 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.23 09:24:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.21 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.06.13 23:38:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\mshtmled.dll [2012.06.13 23:38:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.13 23:38:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.13 23:38:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.13 23:38:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.13 23:38:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.13 23:38:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.13 23:38:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.13 23:38:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.13 23:38:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.13 23:38:05 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.13 23:38:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.13 23:38:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.13 22:17:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 22:17:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 22:17:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 22:17:04 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 22:17:04 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 22:17:04 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 22:17:00 | 003,216,384 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 22:16:55 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 22:16:55 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll ========== Files - Modified Within 30 Days ========== [2012.07.03 17:44:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.03 17:44:55 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.03 17:44:55 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.03 17:44:55 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.03 17:44:55 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.03 16:16:35 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 16:16:35 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.03 16:10:52 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.07.03 16:08:46 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012.07.03 16:08:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.03 16:08:25 | 3218,497,536 | -HS- | M] () -- C:\hiberfil.sys [2012.07.02 21:23:41 | 000,001,817 | ---- | M] () -- C:\Users\***\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.07.02 20:36:13 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.07.02 20:31:12 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.07.02 20:31:12 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.07.02 20:31:12 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.07.02 20:31:12 | 000,189,360 | ---- 
| M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.07.02 20:31:12 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.07.01 10:24:27 | 000,001,844 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.06.30 18:03:25 | 000,000,923 | ---- | M] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2012.06.30 12:52:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.26 17:33:31 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.21 15:51:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.21 15:51:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.14 15:27:54 | 000,351,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.02 21:23:41 | 000,001,817 | ---- | C] () -- C:\Users\***\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.30 18:03:33 | 000,000,923 | ---- | C] () -- C:\Users\***\Desktop\Sandboxed Web Browser.lnk [2012.06.30 18:03:31 | 000,001,844 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.05.25 11:54:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\GBGraphics.dll [2011.05.22 16:39:45 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.22 16:38:47 | 000,083,088 | ---- | C] () -- C:\Windows\N6Uninst.exe [2011.05.22 16:38:46 | 000,006,786 | ---- | C] () -- C:\Windows\mozver.dat [2011.05.20 20:54:07 | 000,000,796 | ---- | C] () -- C:\Users\***\SilentHill.lnk [2011.05.20 20:52:40 | 000,000,789 | ---- | C] () -- C:\Users\***\Labyrinth.lnk [2011.05.20 20:49:08 | 000,000,803 | ---- | C] () -- C:\Users\***\Geschichten.lnk [2011.05.11 23:59:00 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2011.05.07 17:44:52 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011.04.13 14:59:22 | 000,000,000 | ---- | C] () -- 
C:\Windows\ativpsrm.bin [2011.04.13 14:13:50 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2011.04.13 14:09:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2011.05.08 19:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.05.21 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock [2011.05.14 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.14 21:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.05.08 21:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at [2011.05.08 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.06.14 15:28:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 03.07.2012 19:23:29 - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 49,31% Memory free
7,99 Gb Paging File | 5,10 Gb Available in Paging File | 63,81% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,34 Gb Total Space | 60,28 Gb Free Space | 66,72% Space Free | Partition Type: NTFS
Drive E: | 325,03 Gb Total Space | 244,92 Gb Free Space | 75,35% Space Free | Partition Type: NTFS
Drive F: | 50,29 Gb Total Space | 40,53 Gb Free Space | 80,59% Space Free | Partition Type: NTFS
Drive K: | 3,72 Gb Total Space | 1,14 Gb Free Space | 30,51% Space Free | Partition Type: FAT32
Drive L: | 124,72 Mb Total Space | 32,09 Mb Free Space | 25,73% Space Free | Partition Type: FAT
Drive M: | 465,76 Gb Total Space | 398,97 Gb Free Space | 85,66% Space Free | Partition Type: NTFS
Drive N: | 3,76 Gb Total Space | 3,76 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
Drive X: | 100,00 Mb Total Space | 69,54 Mb Free Space | 69,54% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1ED1FF88-E802-4E5B-B648-7881D9E13179}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2445CE4B-DED2-430E-957C-D2F751D11CC3}" = lport=137 | protocol=17 | dir=in | app=system | "{24992CE8-DE47-4314-A722-FDB7632C7799}" = rport=137 | protocol=17 | dir=out | app=system | "{3011CD83-4079-4D6D-B8AF-764DBF6C5554}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30ED4F55-6AAC-4A4A-9EC3-865E0F114447}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37B40849-4CB8-4EA9-B2D3-BD255413BC66}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3949080B-B3D7-4235-9002-CD5D486370C5}" = lport=2869 | protocol=6 | dir=in | app=system | "{3B176817-AC78-4E8E-8B48-A7525F8564D6}" = rport=139 | protocol=6 | dir=out | app=system | "{3FF09ECC-B21B-4310-BEFC-66ED4EE4C072}" = rport=10243 | protocol=6 | dir=out | app=system | "{62C4ACFE-87FE-49BE-BEF0-BFAF5E32EEF2}" = lport=10243 | protocol=6 | dir=in | app=system | "{6E57144A-E29D-4691-9992-055DAA1DBBA9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79F4EECE-451C-4AF7-B6CA-9A965F7989C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{888281AC-A511-401A-9471-0954DACB5ECE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A550615F-41DD-4929-BAA0-E37DCB34BE2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A787899A-6F2F-437E-8968-440F13EC055B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B0D1F9A2-2221-4C28-88DC-EB5BA6A7D564}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C4CDBD0A-B1E3-4F97-B473-DFC60222EE06}" = rport=445 | protocol=6 | dir=out | app=system | "{C4ECC865-C84C-4B4E-83CF-187473D6A734}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0CB8D0C-8AA5-4E8C-8135-42453AAF4105}" = rport=138 | protocol=17 | dir=out | app=system | "{DB17FA54-C2D3-4E58-A1EC-72912BD05217}" = lport=139 | protocol=6 | dir=in | app=system | "{F5645080-D324-4877-88DF-92B1AA5F5E67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F65D899A-697C-44CC-B474-4FEFD21363AD}" = lport=445 | protocol=6 | dir=in | app=system | "{F71A61E0-3816-4D2D-BE9D-9CEC67A410AD}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{162D2528-5793-4334-8503-844AD872AD6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{169C5B25-0F80-49D7-9FCC-086E6CA64AEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25FB6C90-A617-4EBB-AD3A-E561BB3EFCE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{45334A87-32CD-4925-AC46-7F06746752F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{48882B69-E8D2-409F-9707-1DBF21E629BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{533A7F44-3924-48E6-8DA5-679367B647B5}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{65DBA613-B0BA-416F-BD13-CA358EA8CF7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{738D80A4-8BF5-4ADD-95EB-41BA627ECE5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{74867FE8-535D-4971-A416-8FB02A6F2A63}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7E630166-9399-42DF-8D0A-0FD9562F6DE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8C2570CD-F64D-4F27-A4D6-B8A1498BBD7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{90056150-86BA-4B7B-BA5F-EFEBB775D4FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9586A4C2-2758-4213-A758-8E4C336B0762}" = protocol=6 | dir=out | app=system | "{AC4DB314-1262-46DB-94F4-3BB292161B3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B5417DA0-8BB7-4143-9FA4-655CC4A9DE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{C1D8A5B6-4EAA-46ED-9ADC-ACEE2D2BDE9F}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | "{C24280E8-A1B6-4FF5-917C-A53B6891E9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{C5A60252-6805-40FD-887A-59CE307909B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C811D16D-DD9D-49C8-A4A3-23DD039FFD75}" = protocol=6 | dir=in | app=c:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{CE89BCCF-75A2-4FB6-8525-E91B8C745026}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D4775E10-05E8-4070-9D42-8EF0AA5E5BC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC791A1A-379A-4BCA-9C70-DBF5D54EB93C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FFE83A6D-3267-481B-A313-DC4488B58092}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{AF1DCDE2-2AB1-4BA9-B246-57F86AD829CE}E:\programme\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=e:\programme\mozilla firefox\plugin-container.exe | "UDP Query User{3672482C-2550-4D89-AB98-834FD6ED51CD}E:\programme\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=e:\programme\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{40B91513-A7B9-94AB-5353-926FB1C07334}" = WMV9/VC-1 Video Playback "{47B188E2-2447-5C40-15B6-9D49DC90BF5B}" = ATI Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5F143175-13D3-5AE8-5AE9-262C6D60F994}" = AMD Fuel "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D7B6A47A-3DC9-64FE-BFD0-ED02F036D539}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sandboxie" = Sandboxie 3.72 (64-bit) "sp6" = Logitech SetPoint 6.22 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5 "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{810FB87E-B3F8-40E2-B1CD-0B138EE896A2}_is1" = TOPP Vorlagen-Druckstudio (5578) "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E884205-E3A3-55F3-2EE2-0E39F8E6CCED}" = Catalyst Control Center Graphics Previews Common "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9329BA0E-DD91-D33E-B73F-AA5179C53736}" = Catalyst Control Center "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit "{BD5D6437-94F6-C8F4-AF1B-B1658E0CB8F7}" = CCC Help English "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F38556C1-486C-C07B-4655-2F1BCF18C68A}" = Catalyst Control Center InstallProxy "100,000 Deluxe Graphics Pack" = 100,000 Deluxe Graphics Pack "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aonFTP" = aonFTP "aonUpdate" = aonUpdate "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.4 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = 
CCleaner "Controller" = Controller "EasyBCD" = EasyBCD 2.0 "ESET Online Scanner" = ESET Online Scanner v3 "Finale 2002" = Finale 2002 "Free Studio_is1" = Free Studio version 4.8 "GIMP" = GIMP "Harvard Designer Inhalts-CD-ROM" = Harvard Designer Inhalts-CD-ROM "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}" = SILENT HILL 3 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "Netscape 6 (6.2)" = Netscape 6 (6.2) "PhotoResampling_is1" = PhotoResampling 9.2 "Security Task Manager" = Security Task Manager 1.8c "SPCHDesigner40" = Harvard Designer "Uninstall_is1" = Uninstall 1.0.0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.07.2012 09:39:09 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2012 13:44:17 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2012 13:57:42 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2012 15:13:09 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 10:10:19 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2012 11:51:37 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.07.2012 11:51:37 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.07.2012 11:54:20 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 03.07.2012 11:54:20 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.07.2012 11:54:22 | Computer Name = User-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "E:\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
[ System Events ]
Error - 02.07.2012 09:37:52 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 02.07.2012 13:42:41 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 02.07.2012 13:56:29 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 02.07.2012 15:11:37 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 03.07.2012 10:08:57 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 03.07.2012 10:10:24 | Computer Name = User-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 03.07.2012 11:40:57 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 03.07.2012 11:40:58 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 03.07.2012 11:40:58 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 03.07.2012 11:40:59 | Computer Name = User-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

< End of report >

Question: Is item 7 (SuperAntiSpyWare) ticked off even though I never "completed" the scan?
Regards, Woodwose
04.07.2012, 08:38 | #8 | ||
/// Helper team
So do not have the detections deleted!
** Keep your system under observation for the near future!
1. Uninstall/remove the programs that we used and that you do not need, except for:
Code:
CCleaner
2. Tool cleanup with OTL
We will now use the CleanUp! function of OTL to delete from your system most of the programs that we installed for the cleanup.
3. Windows, for example, regularly creates shadow copies (at least once a day), which serve to restore the system in an emergency and to access older file versions. This function takes up a great deal of disk space. By default, the disk space reserved for shadow copies is 15 % of the volume size, so that system performance is also affected. In addition, deleted and possibly harmful objects that sit in System Restore must also be removed. So please do the following:
4. As a precaution, I would advise you to change your password (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password (one should really change it at regular intervals, about every 3-5 months); see also: Secure password
5. ► Please check whether there are new updates for Windows: Microsoft Update keeps your computer up to date!
Reading material no. 1: Give criminal acts no chance! Quote:
** Common sense and configuring Windows and Internet software securely are the best way to security on the web!! Quote:
► Over time, a lot of junk data can accumulate and error messages can pile up; the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account
Regards, kira
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as an attachment! It can be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
04.07.2012, 20:23 | #9 |
Oh, was that it already? That went faster than I had feared. Can I simply leave the detections in quarantine and ignore them? And what about the Nisam directory that was supposed to exist on K? What is that supposed to be? It makes me somewhat uneasy. But if none of this means any problems, that is fine with me too. In any case, I would like to thank you sincerely for your time and effort!
Regards, Woodwose
05.07.2012, 12:52 | #10 |
/// Helper team
What is drive "K"? Which external drives were connected during the ESET online scan?
06.07.2012, 22:22 | #11 |
Sorry for the late reply. "k" was in this case a USB stick.
07.07.2012, 00:27 | #12 | ||
/// Helper team
This was found there: Quote:
Quote:
07.07.2012, 13:02 | #13 |
For me, neither the Panda nor the Symantec Security Scan works. The Panda does carry out the scan, but at "Analysing cloud Report - Results in a few Moments" it then hangs and nothing more happens. When I am supposed to download the ActiveX elements for the Symantec one, I only get as far as "Klicken Sie zum Fortfahren auf das Symbol ? oben auf der Seite- Wenn Sie dieses nicht sehen, klicken Sie hier." [To continue, click the ? icon at the top of the page. If you do not see it, click here.] That appears twice, one below the other, and I neither see the question mark icon, nor does anything happen when I click the "here" link. I will still try some other online scanners, but at the moment the whole thing is somewhat sobering. The USB stick in question only holds a (further) backup that I could restore at any time. Would it be negligent to simply reformat it as things stand, or should it still be checked in order to know what was going on on it?
Regards, Woodwose
07.07.2012, 16:20 | #14 |
Since the above did not work, I ran a scan with Trend Micro House Call. Unfortunately it does not produce any logs, hence a screenshot of the detections. I hope it is of some use. "M", by the way, is an external hard drive.
08.07.2012, 07:15 | #15 |
/// Helper team
Do you mean formatting the USB stick? You can go ahead and do that without hesitation!