Log analysis and evaluation: Trojan.Agent/Gen-Downloader in C:\PROGRAMDATA\NVIDIA\UPDATUS\DOWNLOAD\24479DC7\UPDATUS.10032098_RUNASUSER.EXE and C:\PROGRAMDATA\NVIDIA\UPDA
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.09.2012, 18:42 | #1 |
| Trojan.Agent/Gen-Downloader in C:\PROGRAMDATA\NVIDIA\UPDATUS\DOWNLOAD\24479DC7\UPDATUS.10032098_RUNASUSER.EXE and C:\PROGRAMDATA\NVIDIA\UPDA and countless cookies that can only be moved to quarantine.
Hello to the kind helpers here, I would like to know whether I have a problem here. I'll try to put together a short sequence of events...
- Router box password changed,
- from then on: Norton messages: Runasuser/Suspicious Cloud 7/ WS Trojan H cleared,
- later, in addition, floods of UDP packets every now and then; compared to before, also more default/rule blocks regarding key change attempts, and countless attempts by e.g. Conhost.exe, Isass.exe, SVhost.exe to reach the internet, plus change attempts.
Norton only found a few tracking cookies, Spybot + MA-M nothing. Went to a specialist, with the result that MA-M, Avira and Kaspersky found nothing either. Back home, I started a scan with Super-AntiSpyware Free Edition, which set aside X quarantine cookies. And recently the two finds listed above. Defogger is done, as is the scan with OTL (immediately shocked by host links that I def. did not knowingly open -.-). Thanks in advance! |
11.09.2012, 12:02 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please post everything in CODE tags here where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ |
11.09.2012, 12:56 | #3 |
| Hello and sorry about the mistake!
I hope I'm doing this right now... OTL.txt Code:
ATTFilter OTL logfile created on: 09.09.2012 16:08:45 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\ASUS\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,79 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 56,80% Memory free 7,58 Gb Paging File | 5,34 Gb Available in Paging File | 70,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 101,66 Gb Free Space | 68,21% Space Free | Partition Type: NTFS Drive D: | 435,41 Gb Total Space | 435,30 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\ASUS\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe (Symantec Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\ExpressGateUtil\VAWinService.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA 
Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\ExpressGateUtil\VAWinAgent.exe () PRC - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\ExpressGateUtil\VAWinAgent.exe () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Services (SafeList) ========== SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) 
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe (Symantec Corporation) SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) SRV - (VideAceWindowsService) -- C:\ExpressGateUtil\VAWinService.exe () SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ironx64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) 
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) 
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (ZTE Incorporated) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120908.009\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120908.009\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120907.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120905.001\BHDrvx64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl (CyberLink Corp.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 
F2 AA 6C 60 1B CC 01 [binary data] IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=5 IE - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012.06.02 21:15:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2012.09.09 10:44:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 17:00:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 17:00:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.05 18:43:04 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\ASUS\AppData\Roaming\mozilla\Extensions [2012.06.12 22:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS\AppData\Roaming\mozilla\Firefox\Profiles\utl0f7r6.default\extensions [2012.01.03 01:36:06 | 000,002,448 | ---- | M] () -- C:\Users\ASUS\AppData\Roaming\mozilla\firefox\profiles\utl0f7r6.default\searchplugins\safesearch.xml [2012.09.07 16:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.07 17:00:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.07 12:05:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 08:50:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.07 12:05:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.07 12:05:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.07 12:05:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.07 12:05:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.27 21:49:38 | 000,442,922 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 
www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15216 more lines... O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe () O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4062554738-4053094353-3407602840-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001..\Run: [Spotify Web Helper] C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4062554738-4053094353-3407602840-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-4062554738-4053094353-3407602840-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4062554738-4053094353-3407602840-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel 
exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D39FBE9-2375-475C-9E07-074A975C12D6}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.09 16:01:48 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2012.09.07 16:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.09.09 16:01:49 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS\Desktop\OTL.exe [2012.09.09 15:30:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.09 15:06:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.09 14:43:44 | 000,000,000 | ---- | M] () -- C:\Users\ASUS\defogger_reenable [2012.09.09 14:37:39 | 000,050,477 | ---- | M] () -- C:\Users\ASUS\Desktop\Defogger(1).exe [2012.09.09 10:52:50 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 10:52:50 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 10:44:56 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.09 10:44:10 | 3054,383,104 | -HS- | M] () -- 
C:\hiberfil.sys [2012.09.08 19:35:07 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.08.18 10:04:16 | 000,350,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.18 10:00:50 | 001,987,621 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB [2012.08.17 19:35:23 | 000,002,128 | ---- | M] () -- C:\{8016EA34-C4D5-4761-9FA8-392FAC8DD901} [2012.08.17 18:53:32 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038 [2012.08.17 18:49:29 | 000,002,312 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012.08.16 09:07:43 | 000,031,614 | ---- | M] () -- C:\Users\Public\Desktop\BurnInTest.htm [2012.08.16 08:21:41 | 001,529,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.16 08:21:41 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.16 08:21:41 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.16 08:21:41 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.16 08:21:41 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.14 17:27:42 | 000,061,378 | ---- | M] () -- C:\Users\ASUS\Desktop\bit_Technik.hta ========== Files Created - No Company Name ========== [2012.09.09 14:43:44 | 000,000,000 | ---- | C] () -- C:\Users\ASUS\defogger_reenable [2012.09.09 14:37:38 | 000,050,477 | ---- | C] () -- C:\Users\ASUS\Desktop\Defogger(1).exe [2012.08.17 19:35:23 | 000,002,128 | ---- | C] () -- C:\{8016EA34-C4D5-4761-9FA8-392FAC8DD901} [2012.08.14 17:28:30 | 000,061,378 | ---- | C] () -- C:\Users\ASUS\Desktop\bit_Technik.hta [2012.07.30 00:10:32 | 000,006,466 | ---- | C] () -- C:\Users\ASUS\AppData\Local\recently-used.xbel [2011.04.10 18:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.04.10 18:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.04.10 18:49:10 | 000,105,608 | ---- | C] () -- 
C:\Windows\SysWow64\igfcg575m.bin [2011.04.10 18:18:24 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll ========== LOP Check ========== [2012.06.27 23:21:12 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\AliceHilfe [2012.07.28 12:18:01 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Spotify [2011.07.13 20:24:13 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Telefónica [2012.05.28 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\ASUS\AppData\Roaming\Tific [2012.07.18 10:39:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 09.09.2012 16:08:45 - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\ASUS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,79 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 56,80% Memory free
7,58 Gb Paging File | 5,34 Gb Available in Paging File | 70,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 101,66 Gb Free Space | 68,21% Space Free | Partition Type: NTFS
Drive D: | 435,41 Gb Total Space | 435,30 Gb Free Space | 99,98% Space Free | Partition Type: NTFS

Computer Name: ASUS-PC | User Name: ASUS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4062554738-4053094353-3407602840-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{054B0A93-1AA0-43A8-AC94-AA781EE4A948}" = lport=138 | protocol=17 | dir=in | app=system | "{211D3A23-7B5D-4F88-B6CB-83FE9634C305}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{21283D37-9957-48CC-8F44-88A9FEF39B62}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{28FAA4F1-7030-49D3-AF5D-851680651C91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2E1F0A3D-8D80-49EC-8340-07595DB64A2A}" = lport=2869 | protocol=6 | dir=in | app=system | "{30BE3E98-CC9C-42BB-8C52-ECA88302C3F1}" = rport=1900 | 
protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{32D28E2A-1A96-4A0F-871B-E1A8D64881E7}" = lport=139 | protocol=6 | dir=in | app=system | "{34DE6F16-DF68-42C3-A0F4-0B12796BB783}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{384E8BCE-A7F0-443A-92E9-C45BCEDA9FBB}" = lport=137 | protocol=17 | dir=in | app=system | "{391C8D48-0E5E-4F3E-8016-BF5F66308BE7}" = rport=10243 | protocol=6 | dir=out | app=system | "{3C03A008-036C-4ADF-9B0C-5CF4B9401DBF}" = rport=139 | protocol=6 | dir=out | app=system | "{4C19C00D-CC21-4D0D-9FB7-1E589CD2BC34}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7AF4095C-0B5C-4DC6-AFBC-AB7442FFBE69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9915F976-100F-483D-9056-2116385EC4F5}" = lport=445 | protocol=6 | dir=in | app=system | "{A7AE31AC-60C5-4F21-8E6F-31816D15AB32}" = rport=137 | protocol=17 | dir=out | app=system | "{AA636C90-DFDB-476B-B11B-1CB7E00E7C7B}" = lport=10243 | protocol=6 | dir=in | app=system | "{BF357A34-F881-4B76-83CD-65A7CEE2ED9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D4E6870E-A372-4D02-8D80-A4A83B9ADBD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D8D727E2-3F68-4ACB-93D8-78670A789B97}" = rport=138 | protocol=17 | dir=out | app=system | "{E0693682-0204-4A7C-A0ED-F782A5B2D936}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E18781AA-57AC-4DC2-991F-4A571A574915}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E91EE311-C6DD-4638-B15D-C63DA0AE3854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FAC667FB-581A-4C70-906B-3F4391398558}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017A2111-ADBD-4737-9B95-FC45AD7EC7C4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1C5A0E60-07F4-4DB4-9C11-1B7A1013BFF4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1D672E5F-1C1D-414D-BFB0-F6EAFC3F12E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{200AA81D-40A3-4224-A663-406E67C56AC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2A188C65-58A8-4C55-976C-CAC75490E79A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A3B1739-FD22-4CD6-B394-D882A93D9C39}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2E3D2258-22EC-418A-BFCD-1D83D9C99D9A}" = protocol=6 | dir=in | app=e:\alicecd.exe | "{2F6E2CEA-BBC7-44B4-B92C-F9581DA52288}" = protocol=6 | dir=out | app=system | "{3D925D77-043A-42D6-8137-EFC11F5D7B0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{436FED1F-E89A-4FD9-B060-33BCB3A8A7AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4CF711D9-2906-4C77-8363-D3086D7066F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F015AC0-6A26-424A-B3F5-BB9D8C953CE7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{6C8967B5-5CF9-4F49-92BD-1B3CAF39DABA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{78834AC3-0819-4462-9924-BBBF1F4AF62A}" = protocol=17 | dir=in | app=e:\alicecd.exe | "{7AC7F4E9-9AE6-4CD8-9316-1B01EE17406D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8134311F-1D61-41EA-BCC4-61AD13D09695}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{8378F52E-D3A0-4B74-B90D-F87877F29976}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{84452941-77DD-4523-A036-FC38BF686EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{864AA413-74DC-466C-8B43-95119A0BD908}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9B002D5F-5DC0-4941-A975-6B472D58685B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A392464B-058E-4593-B477-93F3EFE5A676}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A89C18E2-B72D-48C9-AC3B-7806BA9EB0C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AEB70BA2-A42E-4413-A20A-359274C010A3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B986C873-0435-4ABF-AAEB-40A0837223C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BB00FBFF-811C-4E11-9435-0E462876A967}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{BDE83F05-17D4-4ABB-89B4-7B851C02535E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF28E8F2-E568-4DD9-B1B8-CF735B8A7980}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CA6278A6-7629-43D1-9BB0-4324063955D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E9D5CF4B-D7A0-4F9C-A6E7-D7B63984351E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EFB0949B-A0B9-4605-B2EE-336F5E8D60B0}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{F6740C6C-4B51-41F3-8FDE-AED44B6C4B18}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{FB650B4C-020F-45EA-9855-1AF185CC55E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FE81427B-0AC3-4C0B-AAC6-2B4C611C1E83}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe 
| "TCP Query User{1CAB48F3-F502-4EF9-8FB0-5EA0ACBB56CD}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "UDP Query User{211A05CD-6F66-492C-8D17-973DBE7A0D6B}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel(R) Wireless Display "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources 
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam "ZTE USB Driver" = ZTE USB Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = 
Google Toolbar for Internet Explorer "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AliceHilfe 1.0.0.1" = AliceHilfe "ASUS_N3_Series" = ASUS_N3_Series "InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "NVIDIA.Updatus" = NVIDIA Updatus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "o2DE" = Mobile Connection Manager "Office14.SingleImage" = Microsoft Office Home and Student 2010 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4062554738-4053094353-3407602840-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.01.2012 18:01:41 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x3c2e726f ID des fehlerhaften 
Prozesses: 0x15d0 Startzeit der fehlerhaften Anwendung: 0x01ccde994b0bde38 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d2c0adbb-4ac4-11e1-9a27-485b399b3c06 Error - 29.01.2012 18:04:13 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: Flash10r.ocx_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ddc5b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1057ea97 ID des fehlerhaften Prozesses: 0x29c Startzeit der fehlerhaften Anwendung: 0x01ccde99790b0a87 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: Flash10r.ocx Berichtskennung: 2d02929d-4ac5-11e1-9a27-485b399b3c06 Error - 29.01.2012 18:08:55 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: Flash10r.ocx, Version: 10.3.181.16, Zeitstempel: 0x4ddc5b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0042a1b4 ID des fehlerhaften Prozesses: 0x778 Startzeit der fehlerhaften Anwendung: 0x01ccded1f4eca2c1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash10r.ocx Berichtskennung: d500c05f-4ac5-11e1-9a27-485b399b3c06 Error - 31.01.2012 09:09:42 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: Flash10r.ocx, Version: 10.3.181.16, Zeitstempel: 0x4ddc5b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013feeb ID des fehlerhaften Prozesses: 0x16b4 Startzeit der fehlerhaften Anwendung: 0x01cce00e23179dd5 Pfad der 
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash10r.ocx Berichtskennung: d5f241ed-4c0c-11e1-98a9-485b399b3c06 Error - 01.02.2012 08:48:10 | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 01.02.2012 08:49:25 | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 01.02.2012 08:54:40 | Computer Name = ASUS-PC | Source = System Restore | ID = 8193 Description = Error - 01.02.2012 17:27:13 | Computer Name = ASUS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16912, Zeitstempel: 0x4eb4a5ea Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038df9 ID des fehlerhaften Prozesses: 0x11dc Startzeit der fehlerhaften Anwendung: 0x01cce0c7bf5a9af6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 8141d9f2-4d1b-11e1-a9a0-485b399b3c06 Error - 04.02.2012 13:40:40 | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 04.02.2012 13:41:50 | Computer Name = ASUS-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 14.08.2012 01:50:03 | Computer Name = ASUS-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = Das WLAN-Erweiterungsmodul wurde unerwartet beendet. 
Modulpfad: C:\Windows\System32\IWMSSvc.dll Error - 14.08.2012 11:14:51 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 14.08.2012 11:27:03 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 16.08.2012 02:43:44 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 16.08.2012 02:44:17 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 16.08.2012 02:56:11 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 16.08.2012 02:56:53 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 16.08.2012 03:01:26 | Computer Name = ASUS-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error - 07.09.2012 12:54:30 | Computer Name = ASUS-PC | Source = DCOM | ID = 10010 Description = Error - 08.09.2012 08:04:46 | Computer Name = ASUS-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?09.?2012 um 13:55:39 unerwartet heruntergefahren. < End of report > Super Anti Spyware Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/26/2012 at 08:41 PM

Application Version : 5.5.1012

Core Rules Database Version : 9124
Trace Rules Database Version: 6936

Scan type : Complete Scan
Total Scan Time : 00:58:04

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 656
Memory threats detected : 0
Registry items scanned : 69054
Registry threats detected : 0
File items scanned : 56011
File threats detected : 169

Adware.Tracking Cookie

Trojan.Agent/Gen-Downloader
C:\PROGRAMDATA\NVIDIA\UPDATUS\DOWNLOAD\24479DC7\UPDATUS.10032098_RUNASUSER.EXE
C:\PROGRAMDATA\NVIDIA\UPDATUS\DOWNLOAD\8BAE0517\UPDATUS.10017796_RUNASUSER.EXE |
11.09.2012, 20:07 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please also read the quotes and my comments on them in context. When I quote you on a statement about Norton and ask for logs, which log do you think I want to see?
__________________ Please always post log files in CODE tags |
11.09.2012, 20:41 | #5 |
| Oh, OK. But then I have to ask again what exactly you mean, and how I get that to you -.-. The history? Die D. |
11.09.2012, 23:40 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | History, log, etc., whatever Norton calls it - in general I wanted to see Norton's record, i.e. the log file in text form in which the Norton detections you described are logged.
12.09.2012, 17:16 | #7 |
| Now I know what I have to do to get that. It looks like the firewall was reset while the laptop was away being checked - all the earlier messages are gone... The last thing I could still find is this: Norton log 14.08.12 Code:
Kategorie:Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion
14.08.2012 17:20:47,Hoch,eject.exe (Trojan.ADH.2) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich
14.08.2012 17:20:43,Hoch,eject.exe (Trojan.ADH.2) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich

Kategorie:Intrusion Prevention
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Kategorie,Standardaktionen,Durchgeführte Aktion
14.08.2012 17:14:58,Infos,Intrusion Prevention wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 17:14:58,Infos,Intrusion Prevention überwacht 2144 Signaturen. Treiberversion: 11.0.0.243,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 17:14:58,Infos,Version der Intrusion Prevention-Engine: 5.0.0.126 Version des Definitionssatzes: 20120728.001,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 08:16:10,Infos,Intrusion Prevention wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 08:16:10,Infos,Intrusion Prevention überwacht 2144 Signaturen. Treiberversion: 11.0.0.243,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 08:16:10,Infos,Version der Intrusion Prevention-Engine: 5.0.0.126 Version des Definitionssatzes: 20120728.001,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 07:47:19,Infos,Intrusion Prevention überwacht 2144 Signaturen. Treiberversion: 11.0.0.243,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 07:47:19,Infos,Intrusion Prevention wurde aktiviert.,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich
14.08.2012 07:47:19,Infos,Version der Intrusion Prevention-Engine: 5.0.0.126 Version des Definitionssatzes: 20120728.001,Erkannt,Keine Aktion erforderlich,Intrusion Prevention,Keine Aktion erforderlich,Keine Aktion erforderlich

Kategorie:Norton-Produktmanipulationsschutz
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Datum,Quelle,Quell-PID,Ziel,Ziel-PID,Aktion,Reaktion
14.08.2012 17:19:53,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,14.08.2012 17:19:53,C:\WINDOWS\SYSTEM32\CONHOST.EXE,2828,C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\cltLMH.exe,2632,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert
14.08.2012 08:54:49,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,14.08.2012 08:54:49,C:\WINDOWS\SYSTEM32\CONHOST.EXE,1016,C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\cltLMH.exe,1760,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert
14.08.2012 08:21:07,Mittel,Nicht autorisierter Zugriff blockiert (Zugriff auf Prozessdaten),Blockiert,Keine Aktion erforderlich,14.08.2012 08:21:07,C:\WINDOWS\SYSTEM32\CONHOST.EXE,1276,C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\cltLMH.exe,3760,Zugriff auf Prozessdaten,Nicht autorisierter Zugriff blockiert

Kategorie:Leistungswarnmeldung
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion
14.08.2012 17:31:36,Infos,"Hohe Von Datenträger lesen, Auf Datenträger schreiben-Auslastung durch: Core Service ",Erkannt,Keine Aktion erforderlich |
12.09.2012, 20:22 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Typical hysterical detections by Norton. I never liked Symantec's virus scanners, and bloated supposed all-rounders like Norton360 or even Norton InternetSecurity in particular are pure nonsense. I would rather recommend a plain virus scanner plus the Windows Firewall.
13.09.2012, 13:48 | #9 |
| Which scanner would you recommend to me? And do I still need to worry about the Antispy detection? Die D. |
13.09.2012, 20:38 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, I don't know how often I've posted this already, and it is stated plenty of times in many discussions here - it is really always the same conclusion => There is no best virus scanner! The question - which virus scanner, or whether the installed one is enough - comes up constantly. A virus scanner - no matter which one - cannot and never will be able to offer 100% protection. New/unknown malware can always slip through. You don't have to spend money on a scanner; something like Avast or Microsoft Security Essentials is entirely sufficient for private use. Apart from that, different virus scanners use different signatures and techniques, which means that e.g. Scanner1 detects malware X but misses malware Y. Scanner2 detects malware Y, but not malware X... What matters more is that you stick to rules. The best virus scanner is useless if you behave wrongly and are negligent/careless. An airbag and a seat belt in the car are no reason to ignore the traffic rules either. It's best to stick roughly to these rules:
Everything is explained in more detail here => Kompromittierung unvermeidbar?
14.09.2012, 13:01 | #11 |
| Thanks then, for the help and the info |