Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Problem mit Mediashifting

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.01.2012, 21:46   #1
Marzipan
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Hallo! Ich habe auch das "Mediashifting" -Problem. Ich habe bereits über das Thema hier im Forum gelesen, jedoch kann ich in diesen Themen nicht "antworten".
So wie ich das bis jetzt verstanden habe, muss ich den Text, der mir nach einem Scan angezeigt wird hier posten. Was habe ich dann zu tun? Ich bitte um eure Hilfe!

Das ist der Text, der mir angezeigt wird, nachdem ich einen Scan mit dem Programm "OTL" durchgeführt habe:

1. Extra.Txt

OTL Extras logfile created on: 11.01.2012 22:28:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Killer Flower\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,61% Memory free
6,21 Gb Paging File | 4,69 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 71,47 Gb Free Space | 51,45% Space Free | Partition Type: NTFS

Computer Name: LUISAS-PC | User Name: The Killer Flower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004840FA-F3ED-482C-B2B4-D56B52889A0E}" = lport=139 | protocol=6 | dir=in | app=system |
"{033BEA0D-8058-4141-84B5-1E6178D33901}" = lport=138 | protocol=17 | dir=in | app=system |
"{05D773DA-6EC1-41A3-B48B-9D40C56FF2E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0AA6F1EE-0845-4F75-B15D-F854EF7B1D56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{195CAE6C-581F-4E8E-932A-57A6F5743C2E}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DB9B721-25C8-44B5-AA0E-FED5B1A859C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FC91C24-A1C7-4281-BC75-3643F392B9EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5353F40F-ECC5-4234-96E5-F5679051BDDA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{539435D7-583F-42D2-8F07-C70AB9433074}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E901BB4-CD70-4628-875B-F8F3E2D60B45}" = lport=10243 | protocol=6 | dir=in | app=system |
"{677465DB-5D1F-4D5B-9538-3A57B78089DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E673F70-1508-4DB7-B892-747DA99B19F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96B30827-09F7-456D-8B8D-B1506A535BF9}" = rport=445 | protocol=6 | dir=out | app=system |
"{A0D1A508-6B22-4BF7-91FA-4F9F20C97EA8}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2901C74-7BA7-42BC-9B71-0AD5A570D83A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C47E733F-94E4-4599-81A9-C5F6533395D6}" = lport=137 | protocol=17 | dir=in | app=system |
"{C73249EF-0FF6-4E42-8AB4-44E24D769D8F}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB2466CB-4F33-4834-8D82-479E8AD95DE2}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9D42B87-6638-40C1-90BA-3A27F55C95DB}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16B5D002-C457-4B91-B605-D1D04DE788D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{173AA285-9D6D-49A1-8CD5-D060D752BC75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{239BDB82-FA0B-4AEC-97B7-CB5D67488FB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{40942E56-AB64-4D98-A3B6-BFD9A5473A3D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{443F9757-E0BB-4A7D-93E0-6E9EDE453460}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4482F132-D8AE-437D-BF83-227E877997BA}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{47DFB931-ADD3-44E9-B922-AFA7C13C2FE3}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{58159901-CEFE-4090-AD4F-EBC2F7F1C9DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{715BEC0E-65FA-40D5-8C5E-667E7AC6716F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7566EAC5-71B1-4173-ACE6-E06E6B137C6F}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{765415F5-56A0-43CA-8473-C411C93329F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{769DA9BE-E2D2-49ED-9CB2-9DED21BDE8AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E73C5D1-F12E-490B-97B5-920EEA0A8C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8E9B8802-C293-4FF3-9BF1-1AF7E54671DE}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{92888759-1C39-44DF-AC38-0C9634EDEB61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A87DD0A-F231-469E-B05C-940104C19565}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{A8551170-6798-4287-8063-085B079E1EEB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{ACC5FA27-0147-457C-8971-9660E72423AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BCC9C73E-B1A3-42A8-86EA-70225C796E24}" = protocol=6 | dir=out | app=system |
"{C0BF935A-11B3-4856-916A-5FF1FD4D0E95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C303376B-F082-4A99-87E5-D7E1C6BCF2FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF205E37-6897-48DC-92DF-8E165C1B7AE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6408DEE-FB3E-40D9-A51C-2CA0FB40D9AE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DD500732-C6C4-4D6B-9CBD-E4EB45FEA835}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{ECA6682A-3C80-4C79-96C7-608900DC7504}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F17ECFC0-A10B-4D2F-A971-37CED4AA750E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC00B548-A9FC-443E-82AA-A7867E74B34A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{A129BF5A-1B29-4008-B41F-AB756938D8DA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{AAFF38A5-C90B-4FC7-A8A4-53A48A323924}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{4F1CB385-BDCB-44AF-AAD1-96C1E30D0555}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{D82F42BF-1F1F-43C5-93D7-991C6C32475A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{31bc7344-eae3-4f1a-828a-080ef2dcf4ba}" = Nero 9 Essentials
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{36EC81EE-8A31-C08E-5C9D-904DFD8CB91F}" = myphotobook.de
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4f, 2010.09.18
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlueJ_is1" = BlueJ 2.5.3
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"conduitEngine" = Conduit Engine
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"GoldWave v5.25" = GoldWave v5.25
"ICQToolbar" = ICQ Toolbar
"InstallShield_{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7
"LastFM Motorokr Screensaver" = LastFM Motorokr Screensaver
"LastFM_is1" = Last.fm 1.5.4.27091
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"LuPO_is1" = LuPO 1.0.2.43
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MinuteMan" = MinuteMan
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyFreeCodec" = MyFreeCodec
"PDF Editor 3" = PDF Editor 3
"PDF Reader 3" = PDF Reader 3
"RollerCoaster Tycoon Setup" = Roll
"Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
"TIMELEFT3_is1" = TimeLeft
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Zoo Tycoon 2" = Zoo Tycoon 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.12.2011 09:10:58 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3276

Error - 30.12.2011 09:10:59 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.12.2011 09:10:59 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4680

Error - 30.12.2011 09:10:59 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4680

Error - 30.12.2011 10:50:01 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.12.2011 10:50:01 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5945994

Error - 30.12.2011 10:50:01 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5945994

Error - 30.12.2011 10:50:02 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 30.12.2011 10:50:02 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5947195

Error - 30.12.2011 10:50:02 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5947195

[ Broadcom Wireless LAN Events ]
Error - 25.07.2011 05:54:35 | Computer Name = Luisas-PC | Source = WLAN-Tray | ID = 0
Description = 11:54:34, Mon, Jul 25, 11 Error - Unable to gain access to user store


Error - 30.12.2011 13:31:28 | Computer Name = Luisas-PC | Source = WLAN-Tray | ID = 0
Description = 18:31:27, Fri, Dec 30, 11 Error - Unable to gain access to user store


[ System Events ]
Error - 31.12.2011 11:17:10 | Computer Name = Luisas-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error - 02.01.2012 09:25:03 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 04.01.2012 07:02:47 | Computer Name = Luisas-PC | Source = bowser | ID = 8003
Description =

Error - 05.01.2012 13:35:48 | Computer Name = Luisas-PC | Source = Print | ID = 6161
Description = Das Dokument PDF Editor im Besitz von The Killer Flower konnte nicht
auf dem Drucker HP LaserJet 1200 Series PCL 5 gedruckt werden. Versuchen Sie erneut,
das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT
EMF 1.008. Größe der Spooldatei in Bytes: 6356992. Anzahl der gedruckten Bytes:
0. Gesamtanzahl der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer:
\\LUISAS-PC. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 259. Es sind
keine Daten mehr verfügbar.

Error - 07.01.2012 08:48:32 | Computer Name = Luisas-PC | Source = DCOM | ID = 10005
Description =

Error - 07.01.2012 08:48:32 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 07.01.2012 08:48:32 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.01.2012 10:20:12 | Computer Name = Luisas-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error - 11.01.2012 15:11:52 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 11.01.2012 15:13:25 | Computer Name = Luisas-PC | Source = WMPNetworkSvc | ID = 866293
Description =

[ TuneUp Events ]
Error - 31.12.2009 08:29:06 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-31 13:29:06', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','1188',0)

Error - 04.01.2010 15:40:03 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 20:40:03', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','1808',0)

Error - 04.01.2010 15:40:29 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 20:40:29', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','3796',0)

Error - 04.01.2010 16:09:31 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 21:09:31', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','472',0)

Error - 12.01.2010 12:37:22 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-12 17:37:22', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','4488',0)

Error - 12.01.2010 12:42:58 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-12 17:42:58', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5332',0)

Error - 12.01.2010 14:16:28 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-12 19:16:28', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5560',0)

Error - 13.01.2010 10:10:13 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-13 15:10:13', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5472',0)

Error - 13.01.2010 10:43:01 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-13 15:43:01', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5544',0)

Error - 13.01.2010 11:08:38 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-13 16:08:38', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','804',0)


< End of report >






2. OTL.Txt

OTL logfile created on: 11.01.2012 22:28:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\The Killer Flower\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,61% Memory free
6,21 Gb Paging File | 4,69 Gb Available in Paging File | 75,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 71,47 Gb Free Space | 51,45% Space Free | Partition Type: NTFS

Computer Name: LUISAS-PC | User Name: The Killer Flower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\The Killer Flower\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\The Killer Flower\Desktop\FSS.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\WinRAR\WinRAR.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2009\DiskDoctor.exe (TuneUp Software GmbH)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\The Killer Flower\Desktop\FSS.exe ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\WinRAR\WinRAR.exe ()
MOD - C:\Programme\Last.fm\srv_rtaudioplayback.dll ()
MOD - C:\Programme\Last.fm\ext_messengernotify.dll ()
MOD - C:\Programme\Last.fm\ext_skypenotify.dll ()
MOD - C:\Programme\Last.fm\srv_madtranscode.dll ()
MOD - C:\Programme\Last.fm\srv_httpinput.dll ()
MOD - C:\Programme\Last.fm\LastFmFingerprint1.dll ()
MOD - C:\Programme\Last.fm\breakpad.dll ()
MOD - C:\Programme\Last.fm\Moose1.dll ()
MOD - C:\Programme\Last.fm\LastFmTools1.dll ()
MOD - C:\Programme\Last.fm\libfftw3f-3.dll ()
MOD - C:\Programme\Last.fm\zlibwapi.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\Last.fm\QtNetwork4.dll ()
MOD - C:\Programme\Last.fm\QtSql4.dll ()
MOD - C:\Programme\Last.fm\QtGui4.dll ()
MOD - C:\Programme\Last.fm\QtXml4.dll ()
MOD - C:\Programme\Last.fm\QtCore4.dll ()
MOD - C:\Programme\Last.fm\imageformats\qmng4.dll ()
MOD - C:\Programme\Last.fm\imageformats\qgif4.dll ()
MOD - C:\Programme\Last.fm\imageformats\qjpeg4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (se27nd5) -- C:\Windows\System32\USBDeviceService.dll (Iomega)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/TheKillerFlower?setlang=de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.25 10:01:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 15:46:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.06.15 20:32:16 | 000,000,000 | ---D | M]

[2011.07.23 14:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Killer Flower\AppData\Roaming\mozilla\Extensions
[2011.07.23 14:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Killer Flower\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.01.06 12:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Killer Flower\AppData\Roaming\mozilla\Firefox\Profiles\wz0c8lqa.default\extensions
[2011.12.23 17:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.23 17:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.23 17:13:41 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.25 10:01:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.12 13:46:36 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34A21CB5-6520-43CF-B31D-CF01BFCBB3E0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4649D5DD-676D-441E-B909-BDD5D590162D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\The Killer Flower\Pictures\favorites2 (2).jpg
O24 - Desktop BackupWallPaper: C:\Users\The Killer Flower\Pictures\favorites2 (2).jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\Shell - "" = AutoRun
O33 - MountPoints2\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\Shell\AutoRun\command - "" = F:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.11 22:25:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Killer Flower\Desktop\OTL.exe
[2012.01.11 20:19:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.01.11 19:55:39 | 000,000,000 | -HSD | C] -- C:\Users\The Killer Flower\AppData\Local\d2684af2
[2012.01.11 15:45:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.10 21:00:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 21:00:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 21:00:43 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 21:00:16 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 21:00:16 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.05 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.02 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\The Killer Flower\ElsterFormular
[2012.01.02 14:31:26 | 048,115,352 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\The Killer Flower\Desktop\ElsterFormular-10.4.0.0.exe
[2012.01.02 14:29:40 | 000,000,000 | ---D | C] -- C:\Users\The Killer Flower\AppData\Roaming\elsterformular
[2012.01.02 14:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.01.02 14:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.01.02 14:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2011.12.14 22:02:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 22:02:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 22:02:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 22:02:18 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.14 22:02:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 22:02:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 10:11:51 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 10:11:51 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 10:11:49 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 10:11:47 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 10:11:45 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 10:11:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2012.01.11 22:25:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Killer Flower\Desktop\OTL.exe
[2012.01.11 22:20:18 | 001,953,091 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\tdsskiller.zip
[2012.01.11 22:18:45 | 000,334,125 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\FSS.exe
[2012.01.11 22:11:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 22:11:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 22:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.01.11 20:10:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.11 19:58:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.10 22:44:54 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 22:44:54 | 000,600,512 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.10 22:44:54 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 22:44:54 | 000,108,394 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.09 23:15:06 | 000,055,040 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\Best Of Music.wpl
[2012.01.08 18:21:35 | 000,027,930 | ---- | M] () -- C:\Users\The Killer Flower\Documents\Papa Unterhalt Karolina.odt
[2012.01.08 17:57:26 | 000,003,441 | ---- | M] () -- C:\Users\The Killer Flower\.recently-used.xbel
[2012.01.03 12:07:24 | 000,199,876 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\schaefer.pdf
[2012.01.02 14:33:35 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2012.01.02 14:32:42 | 048,115,352 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\The Killer Flower\Desktop\ElsterFormular-10.4.0.0.exe
[2012.01.02 14:28:48 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.01.01 17:31:55 | 000,022,407 | ---- | M] () -- C:\Users\The Killer Flower\Documents\Morrissey Lieder (nicht in meinem Besitz).odt
[2012.01.01 16:46:40 | 000,017,878 | ---- | M] () -- C:\Users\The Killer Flower\Documents\Farbvarianten Viva Pinata.odt
[2011.12.23 19:51:42 | 000,011,720 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\Morrissey, VAST, Saintface, Die Autos.wpl
[2011.12.20 22:39:39 | 000,009,901 | ---- | M] () -- C:\Users\The Killer Flower\Documents\phone songs.odt
[2011.12.18 22:53:43 | 000,022,235 | ---- | M] () -- C:\Windows\System32\TUProgSt_20111218-215341.dmp
[2011.12.15 09:54:37 | 000,305,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.01.11 22:20:16 | 001,953,091 | ---- | C] () -- C:\Users\The Killer Flower\Desktop\tdsskiller.zip
[2012.01.11 22:18:37 | 000,334,125 | ---- | C] () -- C:\Users\The Killer Flower\Desktop\FSS.exe
[2012.01.08 18:21:34 | 000,027,930 | ---- | C] () -- C:\Users\The Killer Flower\Documents\Papa Unterhalt Karolina.odt
[2012.01.08 17:57:26 | 000,003,441 | ---- | C] () -- C:\Users\The Killer Flower\.recently-used.xbel
[2012.01.05 11:50:00 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.03 12:07:23 | 000,199,876 | ---- | C] () -- C:\Users\The Killer Flower\Desktop\schaefer.pdf
[2012.01.02 14:33:35 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2012.01.02 14:28:48 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.20 22:39:38 | 000,009,901 | ---- | C] () -- C:\Users\The Killer Flower\Documents\phone songs.odt
[2011.12.18 22:53:41 | 000,022,235 | ---- | C] () -- C:\Windows\System32\TUProgSt_20111218-215341.dmp
[2011.07.09 12:28:10 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.05.05 23:00:44 | 000,013,573 | ---- | C] () -- C:\Windows\hplj1010.ini
[2011.03.19 14:10:53 | 000,002,092 | ---- | C] () -- C:\Users\The Killer Flower\AppData\Roaming\wklnhst.dat
[2011.03.03 15:51:46 | 000,049,664 | ---- | C] () -- C:\Users\The Killer Flower\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.11 17:39:12 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.09.25 16:05:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.09.22 14:44:56 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2010.01.27 19:05:35 | 000,006,367 | ---- | C] () -- C:\Windows\Gwpreset.ini
[2009.08.09 14:55:55 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.20 12:59:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.20 12:59:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.31 13:33:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009.03.31 13:33:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009.03.31 13:33:25 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009.03.31 13:33:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009.03.25 22:38:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.25 22:38:47 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.03.25 22:38:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.25 22:38:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.25 22:34:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.25 14:47:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.25 14:10:50 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.03.25 14:10:48 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.03.25 14:10:47 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009.03.25 14:06:03 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009.03.25 14:06:02 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009.03.25 14:06:02 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008.01.21 08:15:58 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,305,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,600,512 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,394 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.08.29 10:22:35 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BC0B8090

< End of report >


VIELEN DANK schonmal für Eure Hilfe!

Alt 12.01.2012, 06:37   #2
kira
/// Helfer-Team
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Deinstalliere...
wird ungefragt (mit)installiert, kann man nicht brauchen:-> Conduit Engine aus Firefox entfernen
Code:
ATTFilter
Conduit Engine <- Adware 
         
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen

2.
wird meistens ungefragt (mit)installiert. Wenn nicht benötigst bzw absichtlich installiert hast, kannst deinstallieren:
Code:
ATTFilter
Winload Toolbar	 <- Adware -ähnliches Verhalten
         
3.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.06.15 20:32:16 | 000,000,000 | ---D | M]
[2011.12.23 17:13:41 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2010.04.12 13:46:36 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\Shell - "" = AutoRun
O33 - MountPoints2\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\Shell\AutoRun\command - "" = F:\launcher.exe
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BC0B8090

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

4.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

5.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

6.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 12.01.2012, 14:51   #3
Marzipan
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Hallo Kira!

Ich habe jetzt die Toolbars von meinem Laptop entfernt.
Beim dritten Punkt verstehe ich nicht ganz, was du mit "Logfile Änderungen" meinst. Gehört da der Administratorname oder der des PCs (Luisas-PC) dazu?

Freue mich sehr, dass du bereit bist mir zu helfen!

Luisa
__________________

Alt 13.01.2012, 07:27   #4
kira
/// Helfer-Team
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



ja, also Realname..usw..falls an deinem Textdatei etwas geändert hast
wenn nix gemacht hast, kannst so belassen. wenn Du mir hier Logs reinkopierst, kannst dein echter Name usw durch "X" ersetzen...aber wenn OTL-Fix verwendet wird, mußt in der Text (wie auf dem PC existiert) wieder ändern
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 13.01.2012, 18:15   #5
Marzipan
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Achso, verstehe

Hier die Textdatei nach dem Neustart:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox not found.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\search\engine folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ not found.
File C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5f80a43-2e1b-11e1-92a3-002219e3a2aa}\ not found.
File F:\launcher.exe not found.
ADS C:\ProgramData\TEMP:BC0B8090 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: The Killer Flower
->Temp folder emptied: 61372880 bytes
->Temporary Internet Files folder emptied: 92818788 bytes
->Java cache emptied: 5266626 bytes
->FireFox cache emptied: 56504176 bytes
->Flash cache emptied: 102043 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7904268 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 214,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01132012_161157

Files\Folders moved on Reboot...
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.

Registry entries deleted on Reboot...
         

Erneuter Scan mit OTL

1. OTL.Txt:
Code:
ATTFilter
OTL logfile created on: 13.01.2012 16:20:30 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\The Killer Flower\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,20% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 70,02 Gb Free Space | 50,40% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,16 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
 
Computer Name: LUISAS-PC | User Name: The Killer Flower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.11 22:25:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Killer Flower\Desktop\OTL.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.25 10:01:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.07.01 16:29:35 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.29 08:51:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 17:16:38 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.06 22:48:53 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
PRC - [2009.12.06 21:59:16 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009.11.16 12:45:38 | 000,552,264 | ---- | M] (TuneUp Software GmbH) -- C:\Programme\TuneUp Utilities 2009\RegistryCleaner.exe
PRC - [2009.11.16 12:45:32 | 000,619,848 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2009\OneClick.exe
PRC - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.25 14:05:24 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008.12.22 10:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008.12.22 10:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008.10.04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.10.04 13:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2008.09.23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.07.17 13:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.07.17 13:00:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.07.17 13:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.07.17 13:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.25 10:01:10 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.15 13:17:07 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.13 14:01:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 13:58:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 13:58:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.04.11 07:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.11.24 10:16:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.01 16:29:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 08:51:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.06 22:48:53 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Running] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.06 21:59:16 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.03.25 14:05:24 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008.12.22 10:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008.12.22 10:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008.10.04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.09.23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 03:23:43 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\System32\USBDeviceService.dll -- (se27nd5)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 16:29:36 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 16:29:36 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.06.20 14:04:58 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:45:56 | 000,072,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009.03.08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009.03.06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008.12.22 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.12.22 10:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.11.24 10:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.11.24 10:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.28 10:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008.07.17 13:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.07.03 09:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008.07.03 09:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.07.03 09:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.05.29 12:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.01.21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.lastfm.de/user/TheKillerFlower?setlang=de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.25 10:01:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 15:46:00 | 000,000,000 | ---D | M]
 
[2011.07.23 14:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Killer Flower\AppData\Roaming\mozilla\Extensions
[2011.07.23 14:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Killer Flower\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.01.06 12:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Killer Flower\AppData\Roaming\mozilla\Firefox\Profiles\wz0c8lqa.default\extensions
[2011.12.23 17:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.23 17:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.25 10:01:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34A21CB5-6520-43CF-B31D-CF01BFCBB3E0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4649D5DD-676D-441E-B909-BDD5D590162D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\The Killer Flower\Pictures\favorites2 (2).jpg
O24 - Desktop BackupWallPaper: C:\Users\The Killer Flower\Pictures\favorites2 (2).jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.13 16:11:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.12 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\The Killer Flower\Desktop\alte Texte
[2012.01.12 15:42:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.11 22:25:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\The Killer Flower\Desktop\OTL.exe
[2012.01.11 20:19:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.01.11 19:55:39 | 000,000,000 | -HSD | C] -- C:\Users\The Killer Flower\AppData\Local\d2684af2
[2012.01.10 21:00:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.10 21:00:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.10 21:00:43 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.10 21:00:16 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.10 21:00:16 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.05 11:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.01.02 14:33:46 | 000,000,000 | ---D | C] -- C:\Users\The Killer Flower\ElsterFormular
[2012.01.02 14:31:26 | 048,115,352 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\The Killer Flower\Desktop\ElsterFormular-10.4.0.0.exe
[2012.01.02 14:29:40 | 000,000,000 | ---D | C] -- C:\Users\The Killer Flower\AppData\Roaming\elsterformular
[2012.01.02 14:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.01.02 14:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.01.02 14:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2011.12.14 22:02:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 22:02:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 22:02:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 22:02:18 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.14 22:02:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 22:02:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.13 16:14:21 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.01.13 16:14:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 16:14:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.13 16:14:09 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.13 16:14:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.11 22:25:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\The Killer Flower\Desktop\OTL.exe
[2012.01.11 22:20:18 | 001,953,091 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\tdsskiller.zip
[2012.01.11 22:18:45 | 000,334,125 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\FSS.exe
[2012.01.11 19:58:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.10 22:44:54 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 22:44:54 | 000,600,512 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.10 22:44:54 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 22:44:54 | 000,108,394 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.09 23:15:06 | 000,055,040 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\Best Of Music.wpl
[2012.01.08 18:21:35 | 000,027,930 | ---- | M] () -- C:\Users\The Killer Flower\Documents\Papa Unterhalt Karolina.odt
[2012.01.08 17:57:26 | 000,003,441 | ---- | M] () -- C:\Users\The Killer Flower\.recently-used.xbel
[2012.01.03 12:07:24 | 000,199,876 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\schaefer.pdf
[2012.01.02 14:33:35 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2012.01.02 14:32:42 | 048,115,352 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\The Killer Flower\Desktop\ElsterFormular-10.4.0.0.exe
[2012.01.02 14:28:48 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.01.01 17:31:55 | 000,022,407 | ---- | M] () -- C:\Users\The Killer Flower\Documents\Morrissey Lieder (nicht in meinem Besitz).odt
[2012.01.01 16:46:40 | 000,017,878 | ---- | M] () -- C:\Users\The Killer Flower\Documents\Farbvarianten Viva Pinata.odt
[2011.12.23 19:51:42 | 000,011,720 | ---- | M] () -- C:\Users\The Killer Flower\Desktop\Morrissey, VAST, Saintface, Die Autos.wpl
[2011.12.20 22:39:39 | 000,009,901 | ---- | M] () -- C:\Users\The Killer Flower\Documents\phone songs.odt
[2011.12.18 22:53:43 | 000,022,235 | ---- | M] () -- C:\Windows\System32\TUProgSt_20111218-215341.dmp
[2011.12.15 09:54:37 | 000,305,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.01.13 16:09:10 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012.01.11 22:20:16 | 001,953,091 | ---- | C] () -- C:\Users\The Killer Flower\Desktop\tdsskiller.zip
[2012.01.11 22:18:37 | 000,334,125 | ---- | C] () -- C:\Users\The Killer Flower\Desktop\FSS.exe
[2012.01.08 18:21:34 | 000,027,930 | ---- | C] () -- C:\Users\The Killer Flower\Documents\Papa Unterhalt Karolina.odt
[2012.01.08 17:57:26 | 000,003,441 | ---- | C] () -- C:\Users\The Killer Flower\.recently-used.xbel
[2012.01.05 11:50:00 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.03 12:07:23 | 000,199,876 | ---- | C] () -- C:\Users\The Killer Flower\Desktop\schaefer.pdf
[2012.01.02 14:33:35 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk
[2012.01.02 14:28:48 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.20 22:39:38 | 000,009,901 | ---- | C] () -- C:\Users\The Killer Flower\Documents\phone songs.odt
[2011.12.18 22:53:41 | 000,022,235 | ---- | C] () -- C:\Windows\System32\TUProgSt_20111218-215341.dmp
[2011.07.09 12:28:10 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.05.05 23:00:44 | 000,013,573 | ---- | C] () -- C:\Windows\hplj1010.ini
[2011.03.19 14:10:53 | 000,002,092 | ---- | C] () -- C:\Users\The Killer Flower\AppData\Roaming\wklnhst.dat
[2011.03.03 15:51:46 | 000,049,664 | ---- | C] () -- C:\Users\The Killer Flower\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.11 17:39:12 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.09.25 16:05:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.09.22 14:44:56 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe
[2010.01.27 19:05:35 | 000,006,367 | ---- | C] () -- C:\Windows\Gwpreset.ini
[2009.08.09 14:55:55 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.20 12:59:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.20 12:59:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.20 12:58:45 | 000,072,192 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2009.03.31 13:33:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009.03.31 13:33:25 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009.03.31 13:33:25 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009.03.31 13:33:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009.03.25 22:38:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.25 22:38:47 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.03.25 22:38:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.25 22:38:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.25 22:34:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.25 14:47:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.25 14:10:50 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.03.25 14:10:48 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.03.25 14:10:47 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009.03.25 14:06:03 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2009.03.25 14:06:02 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2009.03.25 14:06:02 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008.01.21 08:15:58 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,305,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,600,512 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,394 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.08.29 10:22:35 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
 
========== LOP Check ==========
 
[2012.01.11 22:09:20 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\Amazon
[2011.07.14 16:11:48 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\CAD-KAS
[2011.07.26 12:51:06 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.01.02 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\elsterformular
[2011.12.18 14:18:02 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\gtk-2.0
[2011.05.18 13:22:24 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\ICQ
[2011.09.24 10:49:15 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\JavaEditor
[2011.06.15 20:38:32 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\NesterSoft
[2011.03.03 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\OpenOffice.org
[2011.07.23 14:14:28 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\Songbird2
[2011.03.19 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\Template
[2011.03.03 15:24:27 | 000,000,000 | ---D | M] -- C:\Users\The Killer Flower\AppData\Roaming\TuneUp Software
[2012.01.13 16:14:21 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2012.01.13 16:12:52 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.16 18:46:44 | 000,000,454 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F198DFEF-0888-45DF-B18A-88B072E3CAEF}.job
 
========== Purity Check ==========
 
 

< End of report >
         

2.Extras.Txt:

Code:
ATTFilter
OTL Extras logfile created on: 13.01.2012 16:20:30 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\The Killer Flower\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 46,20% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,91 Gb Total Space | 70,02 Gb Free Space | 50,40% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,16 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
 
Computer Name: LUISAS-PC | User Name: The Killer Flower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004840FA-F3ED-482C-B2B4-D56B52889A0E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{033BEA0D-8058-4141-84B5-1E6178D33901}" = lport=138 | protocol=17 | dir=in | app=system | 
"{05D773DA-6EC1-41A3-B48B-9D40C56FF2E7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0AA6F1EE-0845-4F75-B15D-F854EF7B1D56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{195CAE6C-581F-4E8E-932A-57A6F5743C2E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3DB9B721-25C8-44B5-AA0E-FED5B1A859C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FC91C24-A1C7-4281-BC75-3643F392B9EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5353F40F-ECC5-4234-96E5-F5679051BDDA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{539435D7-583F-42D2-8F07-C70AB9433074}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E901BB4-CD70-4628-875B-F8F3E2D60B45}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{677465DB-5D1F-4D5B-9538-3A57B78089DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7E673F70-1508-4DB7-B892-747DA99B19F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96B30827-09F7-456D-8B8D-B1506A535BF9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A0D1A508-6B22-4BF7-91FA-4F9F20C97EA8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B2901C74-7BA7-42BC-9B71-0AD5A570D83A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C47E733F-94E4-4599-81A9-C5F6533395D6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C73249EF-0FF6-4E42-8AB4-44E24D769D8F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CB2466CB-4F33-4834-8D82-479E8AD95DE2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E9D42B87-6638-40C1-90BA-3A27F55C95DB}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16B5D002-C457-4B91-B605-D1D04DE788D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{173AA285-9D6D-49A1-8CD5-D060D752BC75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{239BDB82-FA0B-4AEC-97B7-CB5D67488FB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{40942E56-AB64-4D98-A3B6-BFD9A5473A3D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{443F9757-E0BB-4A7D-93E0-6E9EDE453460}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4482F132-D8AE-437D-BF83-227E877997BA}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{47DFB931-ADD3-44E9-B922-AFA7C13C2FE3}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{58159901-CEFE-4090-AD4F-EBC2F7F1C9DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{715BEC0E-65FA-40D5-8C5E-667E7AC6716F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7566EAC5-71B1-4173-ACE6-E06E6B137C6F}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | 
"{765415F5-56A0-43CA-8473-C411C93329F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{769DA9BE-E2D2-49ED-9CB2-9DED21BDE8AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7E73C5D1-F12E-490B-97B5-920EEA0A8C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8E9B8802-C293-4FF3-9BF1-1AF7E54671DE}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | 
"{92888759-1C39-44DF-AC38-0C9634EDEB61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A87DD0A-F231-469E-B05C-940104C19565}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | 
"{A8551170-6798-4287-8063-085B079E1EEB}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | 
"{ACC5FA27-0147-457C-8971-9660E72423AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BCC9C73E-B1A3-42A8-86EA-70225C796E24}" = protocol=6 | dir=out | app=system | 
"{C0BF935A-11B3-4856-916A-5FF1FD4D0E95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C303376B-F082-4A99-87E5-D7E1C6BCF2FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CF205E37-6897-48DC-92DF-8E165C1B7AE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6408DEE-FB3E-40D9-A51C-2CA0FB40D9AE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{DD500732-C6C4-4D6B-9CBD-E4EB45FEA835}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{ECA6682A-3C80-4C79-96C7-608900DC7504}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F17ECFC0-A10B-4D2F-A971-37CED4AA750E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC00B548-A9FC-443E-82AA-A7867E74B34A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{A129BF5A-1B29-4008-B41F-AB756938D8DA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{AAFF38A5-C90B-4FC7-A8A4-53A48A323924}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{4F1CB385-BDCB-44AF-AAD1-96C1E30D0555}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{D82F42BF-1F1F-43C5-93D7-991C6C32475A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{31bc7344-eae3-4f1a-828a-080ef2dcf4ba}" = Nero 9 Essentials
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4f, 2010.09.18
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlueJ_is1" = BlueJ 2.5.3
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)  
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"GoldWave v5.25" = GoldWave v5.25
"InstallShield_{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7
"LastFM_is1" = Last.fm 1.5.4.27091
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"LuPO_is1" = LuPO 1.0.2.43
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MinuteMan" = MinuteMan
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MyFreeCodec" = MyFreeCodec
"PDF Editor 3" = PDF Editor 3
"PDF Reader 3" = PDF Reader 3
"Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
"TIMELEFT3_is1" = TimeLeft
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2011 10:50:01 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 30.12.2011 10:50:01 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 30.12.2011 10:50:01 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 30.12.2011 10:50:02 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 30.12.2011 10:50:02 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 30.12.2011 10:50:02 | Computer Name = Luisas-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 30.12.2011 13:31:10 | Computer Name = Luisas-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.12.2011 11:18:50 | Computer Name = Luisas-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.01.2012 10:26:57 | Computer Name = Luisas-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.01.2012 07:09:10 | Computer Name = Luisas-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 25.07.2011 05:54:35 | Computer Name = Luisas-PC | Source = WLAN-Tray | ID = 0
Description = 11:54:34, Mon, Jul 25, 11 Error - Unable to gain access to user store

 
Error - 30.12.2011 13:31:28 | Computer Name = Luisas-PC | Source = WLAN-Tray | ID = 0
Description = 18:31:27, Fri, Dec 30, 11 Error - Unable to gain access to user store

 
[ System Events ]
Error - 11.01.2012 15:13:25 | Computer Name = Luisas-PC | Source = WMPNetworkSvc | ID = 866293
Description = 
 
Error - 11.01.2012 17:58:29 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 12.01.2012 10:28:04 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 12.01.2012 10:28:58 | Computer Name = Luisas-PC | Source = WMPNetworkSvc | ID = 866293
Description = 
 
Error - 13.01.2012 11:06:41 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 13.01.2012 11:09:49 | Computer Name = Luisas-PC | Source = WMPNetworkSvc | ID = 866293
Description = 
 
Error - 13.01.2012 11:11:57 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 13.01.2012 11:13:45 | Computer Name = Luisas-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 13.01.2012 11:15:26 | Computer Name = Luisas-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 13.01.2012 11:16:33 | Computer Name = Luisas-PC | Source = WMPNetworkSvc | ID = 866293
Description = 
 
[ TuneUp Events ]
Error - 31.12.2009 08:29:06 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-31 13:29:06', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','1188',0)
 
Error - 04.01.2010 15:40:03 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 20:40:03', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','1808',0)
 
Error - 04.01.2010 15:40:29 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 20:40:29', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','3796',0)
 
Error - 04.01.2010 16:09:31 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-04 21:09:31', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','472',0)
 
Error - 12.01.2010 12:37:22 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-12 17:37:22', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','4488',0)
 
Error - 12.01.2010 12:42:58 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-12 17:42:58', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5332',0)
 
Error - 12.01.2010 14:16:28 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-12 19:16:28', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5560',0)
 
Error - 13.01.2010 10:10:13 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-13 15:10:13', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5472',0)
 
Error - 13.01.2010 10:43:01 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-13 15:43:01', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','5544',0)
 
Error - 13.01.2010 11:08:38 | Computer Name = Luisas-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-13 16:08:38', '\device\harddiskvolume3\users\marzipanschweinchen\desktop\luisa\mystery
 case files - dire grove collector's edition v1.0.514 (by big fish games)\mcf6.exe','804',0)
 
 
< End of report >
         

Bericht Malwarebytes Anti-Malware:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.13.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
The Killer Flower :: LUISAS-PC [Administrator]

Schutz: Aktiviert

13.01.2012 16:32:56
mbam-log-2012-01-13 (16-32-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389254
Laufzeit: 2 Stunde(n), 17 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Windows\System32\USBDeviceService.dll (Rootkit.0Access) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\System32\USBDeviceService.dll (Rootkit.0Access) -> Löschen bei Neustart.
C:\Windows\assembly\GAC_MSIL\Desktop.ini (Rootkit.0Access) -> Löschen bei Neustart.

(Ende)
         

Meine istallierten Programme:
Code:
ATTFilter
7-Zip 9.20		24.11.2010	3,54MB	
Adobe AIR	Adobe Systems Incorporated	05.10.2011	37,6MB	3.0.0.4080
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	10.01.2012		11.1.102.55
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	14.11.2011		11.1.102.55
Adobe Reader X (10.1.2) - Deutsch	Adobe Systems Incorporated	10.01.2012	120,8MB	10.1.2
Advanced Audio FX Engine		24.03.2009		
Apple Application Support	Apple Inc.	14.11.2011	61,1MB	2.1.5
Apple Mobile Device Support	Apple Inc.	12.02.2011	21,7MB	3.3.1.3
Apple Software Update	Apple Inc.	18.07.2011	2,38MB	2.1.3.127
ATI Catalyst Control Center		24.03.2009	24,00KB	2.008.0703.2235
Avira AntiVir Personal - Free Antivirus	Avira GmbH	18.10.2011	140,7MB	10.2.0.704
BlueJ 2.5.3	Deakin University	15.11.2010	17,9MB	
CCleaner	Piriform	12.01.2012	4,22MB	3.14
Cisco EAP-FAST Module	Cisco Systems, Inc.	24.03.2009	1,04MB	2.1.6
Cisco LEAP Module	Cisco Systems, Inc.	24.03.2009	1,04MB	1.0.12
Cisco PEAP Module	Cisco Systems, Inc.	24.03.2009	0,85MB	1.0.13
Compatibility Pack für 2007 Office System	Microsoft Corporation	13.12.2011	164,8MB	12.0.6514.5001
Dell Dock	Dell	24.03.2009		1.0.0
Dell Getting Started Guide	Dell Inc.	24.03.2009		1.00.0000
Dell Support Center (Support Software)	Dell	26.03.2009	0,75MB	2.2.08298
Dell Touchpad	Alps Electric	24.03.2009	11,7MB	7.2.101.209
Dell Video Chat	SightSpeed Inc.	24.03.2009	22,1MB	6.0 (6567)
Dell Webcam Central		24.03.2009	31,1MB	
Dell Wireless WLAN Card Utility	Dell Inc.	25.03.2009		5.10.38.30
Dell-eBay	Dell	24.03.2009		1.00.0000
Die Sims 2		04.12.2010	2.747MB	
Die Sims 2: Nightlife		04.12.2010	1.287MB	
Die Sims 2: Open For Business		04.12.2010	698MB	
Die Sims 2: Wilde Campus-Jahre		04.12.2010	925MB	
Die Sims™ 2 Freizeit-Spaß	Electronic Arts	04.12.2010	1.195MB	
Die Sims™ 2 Gute Reise	Electronic Arts	04.12.2010	947MB	
Die Sims™ 2 H&M®-Fashion-Accessoires		04.12.2010	498MB	
Die Sims™ 2 Haustiere		04.12.2010	801MB	
Die Sims™ 2 IKEA® Home-Accessoires	Electronic Arts	04.12.2010	440MB	
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires	Electronic Arts	04.12.2010	473MB	
Die Sims™ 2 Vier Jahreszeiten		04.12.2010	894MB	
Die Sims™ 2: Glamour-Accessoires		04.12.2010	356MB	
Die Sims™ 3	Electronic Arts	19.06.2009	5.640MB	1.0.615
ElsterFormular	Landesfinanzdirektion Thüringen	01.01.2012	264MB	12.4.1.7699p
ElsterFormular 2008 - 2009	Landesfinanzdirektion Thüringen	01.01.2012	125,3MB	2008-2009
G DATA Logox4 Speechengine	G DATA Software AG	11.04.2011		
GIMP 2.6.5		27.03.2009	84,4MB	
GoldWave v5.25		26.01.2010	5,09MB	
Integrated Webcam Driver (1.06.03.0309)	Creative Technology Ltd.	25.03.2009		1.06.03.0309
Java(TM) 6 Update 22	Oracle	10.04.2011	97,1MB	6.0.220
Java(TM) 6 Update 24	Sun Microsystems, Inc.	13.06.2010	94,5MB	6.0.240
Java(TM) SE Development Kit 6 Update 20	Sun Microsystems, Inc.	15.11.2010	150,9MB	1.6.0.200
Java-Editor 10.4f, 2010.09.18	Gerhard Röhner	23.09.2011	8,80MB	
Last.fm 1.5.4.27091	Last.fm	22.07.2011	18,4MB	
Lernwerkstatt 7	Medienwerkstatt Mühlacker Verlagsgesellschaft mbH	11.04.2011	99,4MB	7.00.0000
Logitech Harmony Remote Software 7	Logitech	22.11.2011	88,2MB	7.7.0.0
LuPO 1.0.2.43	Ministerium für Schule, Wissenschaft und Forschung NRW	17.03.2011	14,7MB	
Malwarebytes Anti-Malware Version 1.60.0.1800	Malwarebytes Corporation	12.01.2012	11,5MB	1.60.0.1800
McAfee Security Scan Plus	McAfee, Inc.	11.09.2011	9,34MB	2.0.181.2
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	02.04.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	26.03.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.06.2010	24,5MB	4.0.30319
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	24.03.2009	1,74MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	24.03.2009	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	24.03.2009	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	29.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	14.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	29.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	13.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	23.12.2010	0,22MB	9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	01.01.2012	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	24.03.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	27.03.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	14.06.2011	0,58MB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	15.12.2010	334MB	9.7.0621
MinuteMan		14.06.2011	1,17MB	
Mozilla Firefox 9.0.1 (x86 de)	Mozilla	24.12.2011	40,3MB	9.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	01.04.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2009	1,34MB	4.20.9876.0
MyFreeCodec		30.03.2009	9,87MB	
Nero 9 Essentials	Nero AG	03.09.2009		
No23 Recorder	No23	01.03.2011	4,40MB	2.1.0.3
OpenOffice.org 3.2	OpenOffice.org	09.05.2010	371MB	3.2.9483
PDF Editor 3		13.07.2011	15,9MB	
PDF Reader 3		10.11.2010	58,9MB	
QuickSet	Dell Inc.	24.03.2009		9.2.6
QuickTime	Apple Inc.	14.11.2011	73,3MB	7.71.80.42
Remote Control USB Driver		22.11.2011	3,62MB	2.3.2.317
Roxio Creator DE	Roxio	24.03.2009	18,1MB	10.1
Samsung Media Studio 5	Samsung	30.03.2009	74,0MB	5.0
Skype™ 5.3	Skype Technologies S.A.	22.07.2011	16,6MB	5.3.120
Songbird 1.9.3 (Build 1959)		22.07.2011	57,9MB	
Sound Blaster Audigy ADVANCED MB		24.03.2009	11,5MB	1.0
TimeLeft	NesterSoft Inc.	14.06.2011	4,79MB	3.56
TuneUp Utilities 2009	TuneUp Software	05.12.2009	47,0MB	8.0.3310.3
VLC media player 1.1.7	VideoLAN	12.02.2011	80,2MB	1.1.7
Windows Live Anmelde-Assistent	Microsoft Corporation	01.04.2009	1,93MB	5.000.818.6
Windows Live Essentials	Microsoft Corporation	24.03.2009	94,4MB	14.0.8050.1202
Windows Live-Uploadtool	Microsoft Corporation	24.03.2009	0,22MB	14.0.8014.1029
WinRAR 4.01 (32-Bit)	win.rar GmbH	05.09.2011	4,03MB	4.01.0
         
So, das ist abgearbeitet Ich hoffe, es ist auch alles richtig so.


Alt 13.01.2012, 18:50   #6
Marzipan
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Irgendwie kommt jetzt auch nichts mehr. Ist das Problem jetzt schon gelöst?

Alt 14.01.2012, 06:05   #7
kira
/// Helfer-Team
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



1.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

Die alte Java-Versionen verbleiben auf dem PC...aus Sicherheitsgründen müssen entfernt werden,auch in Zukunft darauf achten!
deinstalliere:
Zitat:
Java(TM) 6 Update 24
2.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:
Code:
ATTFilter
McAfee Security Scan Plus
         
obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.


3.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

3.
reinige dein System mit CCleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

6.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 14.01.2012, 12:14   #8
Marzipan
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Fixen mit OTL:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: The Killer Flower
->Temp folder emptied: 1893723 bytes
->Temporary Internet Files folder emptied: 700382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47007646 bytes
->Flash cache emptied: 1385 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3596 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 47,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01142012_115030

Files\Folders moved on Reboot...
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.

Registry entries deleted on Reboot...
         
SuperAntiSpyware Bericht:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/14/2012 at 12:29 PM

Application Version : 5.0.1142

Core Rules Database Version : 8134
Trace Rules Database Version: 5946

Scan type       : Quick Scan
Total Scan Time : 00:05:50

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 632
Memory threats detected   : 0
Registry items scanned    : 30123
Registry threats detected : 0
File items scanned        : 7045
File threats detected     : 314

Adware.Tracking Cookie
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\the_killer_flower@2o7[1].txt [ /2o7 ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\the_killer_flower@adx.chip[2].txt [ /adx.chip ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\the_killer_flower@free-countdown-timer.softonic[1].txt [ /free-countdown-timer.softonic ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\the_killer_flower@maxis.112.2o7[1].txt [ /maxis.112.2o7 ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\the_killer_flower@smartadserver[1].txt [ /smartadserver ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\the_killer_flower@www.windowsmedia[1].txt [ /www.windowsmedia ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\3Y8G60YP.txt [ /msnportal.112.2o7.net ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\1RYCROKA.txt [ /doubleclick.net ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\8V0EW6OD.txt [ /imrworldwide.com ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\K9DNJDUF.txt [ /c.atdmt.com ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\M8X5Y162.txt [ /mediaplex.com ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\9IN2HTF5.txt [ /specificclick.net ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\TZM53QCR.txt [ /atdmt.com ]
	C:\Users\The Killer Flower\AppData\Roaming\Microsoft\Windows\Cookies\8CHHPD3W.txt [ /apmebf.com ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\N832ZDIJ.txt [ Cookie:the killer flower@im.banner.t-online.de/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_killer_flower@traffictrack[1].txt [ Cookie:the killer flower@traffictrack.de/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\MOBZJ0NU.txt [ Cookie:the killer flower@ad2.adfarm1.adition.com/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\20HYNLAI.txt [ Cookie:the killer flower@msnportal.112.2o7.net/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\UDKI0CXS.txt [ Cookie:the killer flower@ad3.adfarm1.adition.com/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\7MS6GPFK.txt [ Cookie:the killer flower@ad.yieldmanager.com/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_killer_flower@ice.112.2o7[1].txt [ Cookie:the killer flower@ice.112.2o7.net/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_killer_flower@adsrv1.admediate[1].txt [ Cookie:the killer flower@adsrv1.admediate.com/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\XP24HKTI.txt [ Cookie:the killer flower@eas.apm.emediate.eu/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\18Y0N4E3.txt [ Cookie:the killer flower@c.atdmt.com/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\0WBTZ14V.txt [ Cookie:the killer flower@ad.zanox.com/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\A0F3EHIK.txt [ Cookie:the killer flower@specificclick.net/ ]
	C:\USERS\THE KILLER FLOWER\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q6TK5T3H.txt [ Cookie:the killer flower@atdmt.com/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\3Y8G60YP.txt [ Cookie:the killer flower@msnportal.112.2o7.net/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\the_killer_flower@free-countdown-timer.softonic[1].txt [ Cookie:the killer flower@free-countdown-timer.softonic.de/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\K9DNJDUF.txt [ Cookie:the killer flower@c.atdmt.com/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\the_killer_flower@adx.chip[2].txt [ Cookie:the killer flower@adx.chip.de/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\M8X5Y162.txt [ Cookie:the killer flower@mediaplex.com/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\9IN2HTF5.txt [ Cookie:the killer flower@specificclick.net/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\TZM53QCR.txt [ Cookie:the killer flower@atdmt.com/ ]
	C:\USERS\THE KILLER FLOWER\Cookies\8CHHPD3W.txt [ Cookie:the killer flower@apmebf.com/ ]
	.adtech.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	lastfmstats.livefrombmore.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	lastfmstats.livefrombmore.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.autoscout24.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.lastfmstats.livefrombmore.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	data.coremetrics.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.webstats4u.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	stat.dealtime.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.sevenoneintermedia.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.linksynergy.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.linksynergy.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.linksynergy.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.tns-counter.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s01.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s05.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s04.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s04.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s07.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s02.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s05.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s02.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s02.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.ipcmedia.122.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.cunda.122.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.shopping-pfadfinder.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.shopping-pfadfinder.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.tracking.3gnet.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	media1.comnos.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.a.revenuemax.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	ext.trackingwiz.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	ext.trackingwiz.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking.sim-technik.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.webstats4u.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.msnportal.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	counters.gigya.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s04.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wdl4qpcziep.stats.esomniture.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.mediamere.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.mediamere.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.opodo.122.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6whmiukdzeho.stats.esomniture.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wfkyklcpkbo.stats.esomniture.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.discounto.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.discounto.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.lokalportal24de.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.dealtime.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	clicks.pangora.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	clicks.pangora.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s05.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s05.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	dc.tremormedia.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.ad6media.fr [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.ad6media.fr [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wnk4oiczgap.stats.esomniture.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s04.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.stats.paypal.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking.mobile.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s01.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s04.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s09.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s02.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s01.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s01.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s09.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s02.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s07.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	states.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	canada.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s05.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s08.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s01.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s07.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s09.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking.purpular.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.affiliates.commissionaccount.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.affiliates.commissionaccount.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	stats.justhost.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	2.s01.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s07.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s09.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s07.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s09.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s03.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wnkokjcpsdq.stats.esomniture.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.microsoftsto.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.moviepilot.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.moviepilot.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.3dstats.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.openstat.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.spylog.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	kursnet-finden.arbeitsagentur.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s06.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.loyaltypartner.122.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wbkoumazwbo.stats.esomniture.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.webstats4u.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	af.2.cqcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.rambler.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.rambler.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.rambler.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.rambler.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.rambler.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	nova.rambler.ru [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	spenden.wikimedia.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	spenden.wikimedia.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.philips.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.generaltracking.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s10.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s07.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	s04.flagcounter.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.twctsg.122.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	tracking1.aleadpay.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.adscendmedia.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	traffic-pimp.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.counter.sexsuche.tv [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	traffic-pimp.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.warnerbrosads.112.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
	.adxvalue.com [ C:\USERS\THE KILLER FLOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZ0C8LQA.DEFAULT\COOKIES.SQLITE ]
         
Also da ist immer noch das Problem mit dem Tab, wo eine mediashifting-Seite ladet.
Als ich die alte Version von Java deinstalliert habe, kam auf einmal ein bluescreen. Nach einem Neustart, ist das dann aber nicht mehr vorgekommen.

Alt 16.01.2012, 05:09   #9
kira
/// Helfer-Team
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



1.
Schritte 5. und 6. fehlen noch!

2.
Was verbirgt sich dahinter, Dir bekannt?:
Zitat:
C:\Users\The Killer Flower\AppData\Local\d2684af2
3.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:
Code:
ATTFilter
TDSSKiller
(alle vorhandenen Protokolle!)
         
4.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 17.01.2012, 15:20   #10
Marzipan
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Gestern habe ich diesen Scan durchgeführt. Dann wurde ein Neustart verlangt und jetzt fährt der Laptop gar nicht mehr hoch, vor dem Anmeldebildschirm bleibt es einfach schwarz...

Alt 19.01.2012, 14:51   #11
kira
/// Helfer-Team
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



► Wie ist den aktuellen Zustand des Rechners? Hast du die Probleme immer noch?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 20.01.2012, 09:04   #12
Marzipan
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



Mein Bruder hat den Laptop wieder anbekommen. Das Internet funktioniert noch nicht, aber das kriegen wir am Wochenende bestimmt auch wieder zum Laufen. Mal sehen, wie das dann mit dem Laden von Google Seiten etc. aussieht. Dieses Anti Malware hat auch öfters Viren in Quarantäne gesteckt. Seit das Internet nicht funktioniert passiert das nicht mehr. Kann sich aber wieder ändern, wenn wieder Internetseiten aufgerufen werden...

Alt 21.01.2012, 08:40   #13
kira
/// Helfer-Team
 
Problem mit Mediashifting - Standard

Problem mit Mediashifting



OK, dann melde dich erneut

1.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

2.
lade Dir HijackThis 2.0.4 von *von hier* herunter
Rechtsklick drauf-> "Als Administrator ausführen" wählen
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu Problem mit Mediashifting
7-zip, alternate, autorun, avira, bho, bingbar, bonjour, error, fehler, flash player, frage, google, helper, home, install.exe, logfile, mozilla, problem, programm, registry, remote control, scan, security, security scan, server, software, starten, studio, svchost.exe, usb, vista, winload toolbar



Ähnliche Themen: Problem mit Mediashifting


  1. mediashifting.com Virus / TR
    Plagegeister aller Art und deren Bekämpfung - 22.02.2012 (18)
  2. Mediashifting.com und tr/PSW.karagany.A.73
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (1)
  3. mediashifting.com problem
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (2)
  4. Mediashifting / WinXP / SP3
    Plagegeister aller Art und deren Bekämpfung - 29.01.2012 (7)
  5. Virus mediashifting
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (25)
  6. Mediashifting, Problem
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (14)
  7. mediashifting.com Problem
    Log-Analyse und Auswertung - 23.01.2012 (26)
  8. Mediashifting-Problem -mediashifting.com/?search=A123&subid=73&key=aa72a328fb1b718e9e62&p=1
    Plagegeister aller Art und deren Bekämpfung - 17.01.2012 (13)
  9. Mediashifting p95
    Log-Analyse und Auswertung - 11.01.2012 (1)
  10. mediashifting.com / 95p.com
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (2)
  11. 95p.com/mediashifting.com
    Log-Analyse und Auswertung - 04.01.2012 (18)
  12. mediashifting.com und OTL
    Log-Analyse und Auswertung - 04.01.2012 (8)
  13. 95p.com/mediashifting
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (9)
  14. 95p.com/mediashifting Problem
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (1)
  15. mediashifting 95p ...
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (7)
  16. Mediashifting/p95 - Automatisches Öffnen von mediashifting.com+kein Öffnen von Suchergebniss möglich
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (8)
  17. mediashifting
    Log-Analyse und Auswertung - 29.12.2011 (10)

Zum Thema Problem mit Mediashifting - Hallo! Ich habe auch das "Mediashifting" -Problem. Ich habe bereits über das Thema hier im Forum gelesen, jedoch kann ich in diesen Themen nicht "antworten". So wie ich das bis - Problem mit Mediashifting...
Archiv
Du betrachtest: Problem mit Mediashifting auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.