Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Polizeivirus ding..

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.07.2012, 18:43   #1
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Hello also ich habe diesen Polizei Virus, der mich auffordert 100 euro per paysafecard zu zahlen.. hab nun schon über dieses forum erfahren dass ich diese otlpenet.exe benötige, aber wenn ich das ding mit 0-3000 bytes geschwindigkeit downloade und das bei einer 100k leitung dann weiß ich nicht weiter.

gibt es keine andere möglichkeit das ding zu downloaden? der oldtime server da scheint nicht gerade der beste zu sein.

Edit: nach einer Stunde wartezeit ging es mit dem download auf einmal zackiger, nun bekomme ich aber beim laden der Reatogo-X-PE oder wie das nun heißt permanent einen Bluescreen..

Geändert von Arganthos (16.07.2012 um 19:16 Uhr)

Alt 16.07.2012, 20:19   #2
t'john
/// Helfer-Team
 
Polizeivirus ding.. - Standard

Polizeivirus ding..





kommst du in den abgesicherten Modus?
__________________

__________________

Alt 16.07.2012, 20:49   #3
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



hello, habe inzwischen in den abgesicherten modus wechseln, und sowohl Malwarebytes als auch otl starten können... hat aber etwas gedauert -.-

ist damit mein pc "repariert"? er funktioniert normal bisher

logs kann ich auch posten wenn ich weiß dass es damit getan is
__________________

Alt 16.07.2012, 20:59   #4
t'john
/// Helfer-Team
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Poste die Logfiles!
Es ist noch garnichts repariert!
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.07.2012, 21:19   #5
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Malwarebytes:

Zitat:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.10

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
***** :: *****-PC [Administrator]

Schutz: Deaktiviert

17.07.2012 00:05:07
mbam-log-2012-07-17 (00-05-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413995
Laufzeit: 11 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\*****\AppData\Local\Temp\fest0r_ot.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.07.2012 00:22:55 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,85 Gb Available Physical Memory | 60,75% Memory free
15,97 Gb Paging File | 13,05 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 45,47 Gb Free Space | 38,17% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 153,17 Gb Free Space | 32,89% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 495,81 Gb Free Space | 53,23% Space Free | Partition Type: NTFS
Drive G: | 3,72 Gb Total Space | 3,41 Gb Free Space | 91,58% Space Free | Partition Type: FAT32
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (SearchAnonymizer) -- C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (OO DiskImage) -- C:\Programme\OO Software\DiskImage\oodiag.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MagicTuneEngine) -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (oodivdh) -- C:\Windows\SysNative\drivers\oodivdh.sys (O&O Software GmbH)
DRV:64bit: - (oodivd) -- C:\Windows\SysNative\drivers\oodivd.sys (O&O Software GmbH)
DRV:64bit: - (oodisrh) -- C:\Windows\SysNative\drivers\oodisrh.sys (O&O Software GmbH)
DRV:64bit: - (oodisr) -- C:\Windows\SysNative\drivers\oodisr.sys (O&O Software GmbH)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinRing0_1_2_0) -- D:\Dateien\Downloads\RealTemp_370\WinRing0x64.sys (OpenLibSys.org)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0
IE - HKCU\..\SearchScopes\{2566957A-16E8-4339-9B91-05DB5F2B7807}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3894EEBA-B6AD-4A8A-9D53-DCEC482328FF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYAT&apn_uid=426d6a37-9c82-4f8f-be79-441591f4f603&apn_sauid=6BF3E96D-0B5D-40C1-BAA6-0F8E2431B95C&
IE - HKCU\..\SearchScopes\{38C40013-F385-460e-B824-A759E977974F}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2666723D6368722D646576696365766D26747970653D494542445356&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0
IE - HKCU\..\SearchScopes\{43F30D83-BA0F-4C01-AE30-FFD1DFE503FA}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{51EA166B-19D1-47a4-B493-838DA2C4468C}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D53504C4252312670633D53504C48&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0
IE - HKCU\..\SearchScopes\{69137DA5-E12D-4A61-A570-226BB4711739}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{69F72CA8-9755-4366-BE99-32AEE2007904}: "URL" = [String data over 1000 bytes]
IE - HKCU\..\SearchScopes\{9CCA4782-13D8-413D-A4B6-FF6A899D4AC2}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BEDE02D2-021F-443A-8938-AD5A0A9957BB}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C042E938-E1C9-41EB-903A-84B73995C4C1}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\..\SearchScopes\{FC8733BE-6E86-471D-8763-34ECA48392FF}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 11:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.06 08:05:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 11:53:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.06 08:05:51 | 000,000,000 | ---D | M]
 
[2011.08.13 02:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.05.30 14:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\3tpghtf2.default\extensions
[2012.01.14 21:00:06 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\3tpghtf2.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.05.30 14:59:07 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\3tpghtf2.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.05.20 03:32:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\3tpghtf2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.10.02 14:51:51 | 000,002,401 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\askcom.xml
[2012.04.18 01:39:04 | 000,000,931 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\conduit.xml
[2011.08.15 16:20:02 | 000,002,182 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\{29E3C6C9-4DC4-48D9-9C32-6792FDF5CC2E}.xml
[2011.08.15 16:20:30 | 000,001,088 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\{4141EC70-2B94-44B9-B3E2-96E5F65F6A9E}.xml
[2011.08.15 16:20:02 | 000,002,071 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\{DBC6A3C3-6FA3-454E-9A3C-030647D6ED33}.xml
[2011.08.15 16:20:02 | 000,001,864 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\{EB25B1E1-54D9-4AC8-A5E6-75148BDEA92E}.xml
[2012.03.18 12:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.18 11:53:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.09 17:43:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.18 11:53:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 11:53:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 11:53:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 11:53:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 11:53:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 11:53:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Windows\SysNative\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [OODITRAY.EXE] C:\Programme\OO Software\DiskImage\ooditray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3C757E2-63F4-4777-9163-8AFBDA8F2786}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 00:21:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.17 00:01:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.07.17 00:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 00:01:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 00:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 00:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 18:00:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{87084ABA-4A21-45DE-8563-497B6D67916B}
[2012.07.16 18:00:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{836DCB4C-FD1E-4943-B6C8-94279A330CF4}
[2012.07.15 13:06:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{47CDFB93-C72C-4CF3-8D68-FE4512668C2C}
[2012.07.15 13:06:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{280D7A25-A534-430C-AC89-8E8296FDC28E}
[2012.07.15 01:05:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E40D7B9C-2E7C-4A56-B692-842AB7EDB047}
[2012.07.14 13:05:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F66A822F-3DDB-491B-8639-82624B490E29}
[2012.07.14 13:04:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0D8F4FEE-3E30-4ADF-AE29-0EE6E3CF8BFC}
[2012.07.14 01:04:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D643F09C-A762-4FFC-B4C2-55A8ED814506}
[2012.07.14 00:00:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\mIRC
[2012.07.14 00:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2012.07.14 00:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2012.07.13 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A166A1D5-E8F6-4D13-A89E-017A500F9DC2}
[2012.07.13 13:03:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{238CD2E7-5840-41ED-ABA2-AC604F04FD78}
[2012.07.13 01:03:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E3C7F7FF-4EC5-4900-B4BC-8F9CB6A3BC5E}
[2012.07.12 13:02:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0FABA0A3-2215-48DD-BEF5-6BE9BFED20C5}
[2012.07.12 00:12:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{2517E2A6-AEC7-4ECA-8107-0BB09C84C7D1}
[2012.07.11 12:11:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{C04B28EA-8317-4534-ABF7-987D3C9E586A}
[2012.07.11 00:11:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B69300B8-33EF-4775-943F-F0C3F3AB0B55}
[2012.07.10 12:11:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{8DF0A043-1D5A-43C1-BD62-C688BFA34C00}
[2012.07.10 12:10:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{1E9E79EF-9E0F-4FE1-AF4E-C1B19FA7A15A}
[2012.07.09 23:52:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3A345818-B0FF-4808-A354-88A15F1B9A4C}
[2012.07.09 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AE5EA6CC-609F-44CD-B0BF-8689EDED802B}
[2012.07.09 11:51:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{583948B9-F7E5-418F-A80F-6107C07E28FF}
[2012.07.08 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9848506E-E550-4333-A029-1D166392CAAA}
[2012.07.08 23:50:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DD624E29-0774-4AB8-AC62-B3FB1A27FEAC}
[2012.07.08 11:49:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B93F204D-5132-4AA0-AAAB-F32E6B873ACD}
[2012.07.08 11:49:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3C68AB65-6FB0-4ADA-9474-A3A5F97ED994}
[2012.07.07 23:48:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{EE706632-AAAE-4F65-BB73-EA7A583DD509}
[2012.07.07 23:48:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{45117582-8A2A-4691-87F7-A4E935F38658}
[2012.07.07 11:48:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0B539BB0-564E-457C-8E86-34457C2D1AE9}
[2012.07.07 11:47:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DECEDEDF-81C0-45E6-83BB-B67D38993198}
[2012.07.06 12:59:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{46DFBFF4-BA84-43EE-A6D4-AED275235C92}
[2012.07.06 12:58:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F11637E4-0E80-4240-AE08-959DA81C4D51}
[2012.07.06 00:58:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A2AD0C3F-971E-434D-8D8F-126D85FB8C8E}
[2012.07.05 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F0FEB2CF-50D2-4931-9115-957FEBC34191}
[2012.07.05 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B24A90B0-8523-41BC-A66F-52C04A18D4B7}
[2012.07.04 13:16:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{6D86E72F-973B-437A-A765-88812DDFBE52}
[2012.07.04 13:15:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{CD34EE8D-086E-4511-BEDD-AD4D72C1A126}
[2012.07.04 01:15:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{5199728A-96F5-4644-B042-FF061108EC0D}
[2012.07.03 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{5CD7676E-7943-4C99-B525-03AE543A4831}
[2012.07.03 13:14:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7BA7B961-5235-4463-A9B8-6880D8FDABDD}
[2012.07.02 22:17:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{CDBCF7B6-BCC9-4E2A-811B-2751C87124B8}
[2012.07.02 10:17:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AA4F7AD0-740C-43AA-B595-EA9597066842}
[2012.07.02 10:17:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D3AC8B14-85A3-44BD-A40A-11341A686CC4}
[2012.07.01 14:01:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D2EFC523-9AD4-4E54-A1E2-1A7CB9A04444}
[2012.07.01 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{67E0C843-296B-4D64-A406-F0C9A05A4E81}
[2012.07.01 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A978998D-32AE-4399-868B-40CC280FC15D}
[2012.06.30 13:14:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{88B2C19F-3EE2-44EA-B33A-6B8EC0248A56}
[2012.06.30 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A955F84-251E-47A7-BD8C-54B5CD953897}
[2012.06.29 13:13:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{798B4EB7-CD22-4B0D-9D63-79ED77223C90}
[2012.06.29 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{BCBC40C2-77D5-486F-A871-96C26E1E01E9}
[2012.06.29 01:13:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{2628C219-5A11-43B5-84E7-892CA4B27CA1}
[2012.06.28 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{05948DA9-D450-4B40-9C8D-F39C7C967CB0}
[2012.06.28 13:12:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{75CBF8F3-A247-4025-8828-819D369D6CA7}
[2012.06.28 01:11:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{54DAC845-396B-4F12-ADC9-F5D730AFDCA4}
[2012.06.27 13:11:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F947639E-0054-498A-8B7B-9F924C97A1F2}
[2012.06.27 13:10:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{741B1843-B0AC-4635-A7BB-D1B3DDD76072}
[2012.06.27 01:10:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{F7CDAEFE-1DD2-41E0-8C03-8F08B37D5DAD}
[2012.06.26 13:09:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{CE102A73-0F5C-41EC-84E8-FD58AB60E7AC}
[2012.06.26 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B598D5D4-7C0E-4CE5-B617-8DCA1E577E64}
[2012.06.26 01:08:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{8D97A98B-C46C-4679-BD7B-3951EFA9B82C}
[2012.06.25 13:08:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0A06ADA4-80F4-477F-95A6-63FD746C55FB}
[2012.06.25 13:07:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0E2EB6B7-796D-49FD-A1BF-1E021042D8CE}
[2012.06.25 01:07:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4DC2AF03-C24D-4AB5-9FC5-491B0E068F4E}
[2012.06.24 13:06:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{FF29AAE6-2BE3-4B26-9109-D802E8B9AD07}
[2012.06.24 05:55:47 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.24 05:55:47 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.24 05:55:47 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.24 05:55:46 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.24 05:55:46 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.24 05:55:46 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.24 05:55:45 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.24 05:55:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.24 01:06:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{69644D98-53EF-47EF-B931-85052FEAE599}
[2012.06.23 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{6087CFAF-655E-43DA-AA6F-6B768DD782EC}
[2012.06.23 13:05:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E6126B11-F2EC-4DB4-A439-7CAEEC1BF7D2}
[2012.06.23 01:05:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{90AB0E5C-21A7-4D2E-AA89-DB5C0C8A389E}
[2012.06.23 01:04:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{42020BC8-6BBD-4C99-8A8F-A8A06C6A0E42}
[2012.06.22 13:04:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{46AA8B4F-6E91-4104-8A4C-26FA2BAFDA10}
[2012.06.22 13:03:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{33723A9D-7649-49CD-AFBF-2A9B29380CD7}
[2012.06.22 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{34D4A1D8-FE5E-4989-9ECD-60090945B42A}
[2012.06.22 00:11:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3F0AE513-0F4C-4EB6-AC96-5A2DC0E54AC6}
[2012.06.21 12:11:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{244744EA-E366-4625-BA53-6A211E1E94DF}
[2012.06.20 12:36:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{5ED84286-F19C-4ACB-B9BA-58DD077B4FE3}
[2012.06.20 12:36:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E9C55F3E-5AA6-495D-88A4-3FD54FE68B3D}
[2012.06.20 00:36:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{28E03F82-6B26-4B3E-A6C9-C8DA6AA782D4}
[2012.06.19 12:35:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{39C33D73-A2F1-4724-833C-5EF89B9DE2C7}
[2012.06.19 12:35:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{9D801159-DC34-4727-8F02-A7774232C91C}
[2012.06.19 00:34:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{149D4DC3-E994-42F6-866C-BC2A5D4B1C86}
[2012.06.18 12:08:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{51F0D3CF-048D-46F6-BA1D-D4319CF2C7F6}
[2012.06.17 12:07:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{C8C09D6A-81F4-434B-8617-7DCD6A954132}
[2012.06.17 00:59:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DC5212F4-2DE9-4A72-AC27-3D6A2C31A9BE}
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 00:21:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.07.17 00:04:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 00:04:26 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 00:04:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 00:04:26 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 00:04:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 00:01:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.16 23:44:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 23:44:47 | 000,443,119 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.07.16 18:53:05 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 18:53:05 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 18:52:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.16 18:48:59 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.07.16 18:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 00:00:37 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012.07.12 17:09:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 17:09:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.08 22:41:38 | 000,000,000 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012.07.08 22:41:37 | 000,000,318 | ---- | M] () -- C:\Users\*****\Desktop\Curse Client - 1 .appref-ms
[2012.07.07 01:14:55 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.07.07 01:14:55 | 000,002,094 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 18:32:24 | 000,177,894 | ---- | M] () -- C:\Users\*****\Desktop\Foto(3).JPG
[2012.06.29 18:26:34 | 000,175,028 | ---- | M] () -- C:\Users\*****\Desktop\Foto(1).JPG
 
========== Files Created - No Company Name ==========
 
[2012.07.17 00:01:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.16 18:40:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 00:00:37 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012.07.08 22:41:38 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012.07.08 22:41:37 | 000,000,318 | ---- | C] () -- C:\Users\*****\Desktop\Curse Client - 1 .appref-ms
[2012.07.07 01:14:35 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.29 18:24:43 | 000,177,894 | ---- | C] () -- C:\Users\*****\Desktop\Foto(3).JPG
[2012.06.29 18:24:34 | 000,175,028 | ---- | C] () -- C:\Users\*****\Desktop\Foto(1).JPG
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.16 21:59:21 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.08.16 21:59:21 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.08.15 16:20:33 | 000,676,864 | ---- | C] () -- C:\Windows\SysWow64\mxMonecSocket.dll
[2011.08.13 22:05:30 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2011.08.13 02:50:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.13 02:30:32 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.08.13 02:21:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.08.13 02:17:13 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.06.02 09:17:24 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== LOP Check ==========
 
[2012.06.04 11:12:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ad-Aware Antivirus
[2011.10.08 15:05:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2011.11.01 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Downloaded Installations
[2012.07.16 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2012.02.21 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Manga Reader
[2011.08.15 16:20:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS
[2011.08.15 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2011.08.13 12:33:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Splashtop
[2012.04.10 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2012.06.23 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.07.11 23:35:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2012.04.21 14:59:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.07.2012 00:22:55 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 4,85 Gb Available Physical Memory | 60,75% Memory free
15,97 Gb Paging File | 13,05 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 45,47 Gb Free Space | 38,17% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 153,17 Gb Free Space | 32,89% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 495,81 Gb Free Space | 53,23% Space Free | Partition Type: NTFS
Drive G: | 3,72 Gb Total Space | 3,41 Gb Free Space | 91,58% Space Free | Partition Type: FAT32
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10F6B332-ED35-4EF0-BB9E-A513791F79E7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B800FF1-C359-4617-9128-9E25FEDE2F44}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2E4DEFA3-2748-4888-9896-59C1544E14C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{40B6D955-223B-487B-8E7B-8CF936E1CE66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{553BFC79-13C1-4706-BE54-326EB71A931D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6545AE50-CC0E-43BC-82D8-AF4C8C65937D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6943F021-AF2A-4C69-9BB5-B75294D7230F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8F49BC58-2CBB-4872-862D-FF4062D540AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{900ADBD5-6FF8-44CA-9A92-BF9E9BC44814}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A406AC00-7442-46BA-B2F3-92B69AED37A2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B5AA0F2D-F322-49CF-AEE0-8E5F3051B1FD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BBA1FE80-A088-4241-ADDC-6852A19C805E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E6786BDC-C9D3-4885-9FF3-D22559257236}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E85781B4-8410-4A79-8BF8-3A35442B082F}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0428D92B-7CBB-44E7-A47B-29A5887668EA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{11F36DD1-B0D5-412C-AF44-443AE3FD84D2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1314E74A-9B09-4607-B13A-112B0FCDA291}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{16AE6238-8114-4C84-B477-69DC4DA1B6C0}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\sonic generations\configurationtool.exe | 
"{271F9067-977E-4DC7-8F3C-DFB0AC832259}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{29974D40-1162-444C-A214-58DB80D5049E}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\sonic generations\configurationtool.exe | 
"{29EEA754-5700-45FD-BA96-222586EED91C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{300BB389-C565-4C59-8459-C271006BDEDA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3BC71920-3CB9-464F-BF3A-DD32A90101FC}" = protocol=6 | dir=in | app=d:\programme\world of warcraft public test\launcher.patch.exe | 
"{3F9B2D5E-0CBA-4B28-8376-9FE70E947F13}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A798042-9297-43D4-AD7C-D241C9A2B565}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{5AB76E79-9A85-4322-BEE5-B908126B91ED}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | 
"{5C09D24C-E24E-434E-9C89-933CF07DC6E5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{5ECAB464-ADCC-41A6-9EBD-86C6865E274C}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{61967556-FF01-4610-A4B5-B2B9CCADFD5E}" = protocol=6 | dir=in | app=d:\programme\world of warcraft public test\launcher.exe | 
"{627C459B-8B08-4377-840D-1377CE66D1DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{658F82E7-D063-457B-ABBF-F8612A21B535}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{66822B81-C07D-42A4-9718-CFE9F7DA57C1}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\sonic generations\sonicgenerations.exe | 
"{6D4429E8-3EB8-4B84-8DAC-2F3569A8BB5E}" = protocol=17 | dir=in | app=d:\programme\world of warcraft public test\launcher.exe | 
"{72CF7CBA-A5AA-4065-A3DF-04DAE7DFCD46}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{757F8498-15AA-42CC-ACB0-A6EFA1156E7F}" = protocol=6 | dir=in | app=d:\programme\diablo iii beta\diablo iii.exe | 
"{79AC7223-983B-4EC0-BD92-739F9711E3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7C0BFA5D-ADF4-40BF-99DF-1768F202888D}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{7F68FE15-7575-497C-BEB8-1088AB207FD8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{842CA450-1131-4AF0-990D-F8A0EA2283DA}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe | 
"{85E3D311-4A60-42F3-9AC5-6FEDFB7515CE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9C7A2B98-2625-4DA9-8E94-43F35B7F9727}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A1553DDC-A828-4D0B-832B-A242CDE2B032}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{A954CA7E-E69C-4FF5-BCD4-285E8706F8AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC0D6BAB-98BB-47FA-918A-D4C5EF9F591D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B5D9C583-CD2F-437D-8891-EC87523A65A9}" = protocol=17 | dir=in | app=d:\programme\world of warcraft\launcher.patch.exe | 
"{B706DF4B-3AA5-4960-8DE3-9BC32F3E1348}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{BE9E80D4-9CFB-469C-B4EC-CFE49B08A248}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{C076F649-ED99-4E58-A9F8-18F79058ABE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C30DEA00-D117-47FE-B173-89FEAAC81843}" = protocol=17 | dir=in | app=d:\programme\world of warcraft\launcher.exe | 
"{C3644122-F18B-4B07-AF9A-A2FEBE7ECDF2}" = protocol=17 | dir=in | app=d:\programme\diablo iii beta\diablo iii.exe | 
"{C5FF3614-454F-4E91-A9B5-87A3B71141FA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{C6AECD31-A532-4A21-8908-E92B7E0F844D}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C8A2BCDC-D07D-4AB2-A88B-1BD4C39C4BC9}" = protocol=6 | dir=in | app=d:\programme\world of warcraft\launcher.exe | 
"{D5F026CB-1103-4989-94E6-B45BE10830AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D5F313F0-1DCC-4B22-AE8F-0394368418A6}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{D7631749-A169-4D6B-890D-C7EDDFE06BDA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{DC37A26D-3006-4C54-B5B5-A7B607F189DB}" = protocol=17 | dir=in | app=d:\programme\world of warcraft public test\launcher.patch.exe | 
"{DE3175B7-42F5-4E9D-A582-B060813BD16B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{DEC658B4-F350-4BE7-A711-B78C87E73B2A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{DF61DECC-3FC5-4FCD-AE1E-2EA5FB2DD0AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E9DF35B1-4E44-4C92-9A9E-53CD5F5C7FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{EA27CA9A-40C4-46CB-BCCE-E476B81AA04F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{EED835A8-F89A-4F54-ACAF-00B0424F0C59}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{F3E87ACD-A64A-4EF1-BE0B-A49A7E22E071}" = protocol=6 | dir=in | app=d:\programme\world of warcraft\launcher.patch.exe | 
"{F5800A48-2F40-4284-9535-501B8ED93913}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{F8575757-B5CB-41B4-BF1A-1C1D0B75673B}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\sonic generations\sonicgenerations.exe | 
"{FA9CEB89-33DC-4C93-8C0A-2E4F0F21C802}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{082E55BD-D597-4554-B378-F2F91291D519}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{0F3B5E00-BA03-48C1-91CE-A81105378872}D:\programme\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=d:\programme\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe | 
"TCP Query User{1CF8990C-C5E3-493F-AF2F-B9850843205B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{1FC4ADCD-86F0-456D-A95C-1DC0EB1072E4}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{316CDD7E-DAD2-4F75-9332-FAC0DD06C9D6}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"TCP Query User{32AC68AE-9F15-473B-91D9-70E41FD7054D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{396780D0-530E-4123-BB78-3F218763E47D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{418FAA40-1CFE-4D06-8858-A244953C3851}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{47728403-1CAB-4E66-8CB7-9550949C76E0}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{6B807281-6D96-4DE6-8111-1F7D371E6A8D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{700B0023-8E18-4B43-8DB7-53900013F89C}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{76DB0396-089F-466F-AE6C-9B05353BFD8A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{78113A87-DE65-462D-8BBB-B8880304BEAC}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{8F970A8A-331A-4C64-8979-FD8B1D23D1A8}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{919519F8-254F-4234-9612-3119AFC72AEB}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"TCP Query User{A2ECF88E-0E4F-4232-9E86-4B77644F766C}D:\dateien\downloads\ptr-installer-de_de(1).exe" = protocol=6 | dir=in | app=d:\dateien\downloads\ptr-installer-de_de(1).exe | 
"TCP Query User{A41198AF-1EA6-44E5-BE0A-4DFE1B896C8B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{B0CDA5AF-F429-4C27-86BA-FCF56B03731E}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{B374ADDA-CC91-4E49-8CE6-0F40BB3521DB}D:\programme\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\programme\world of warcraft public test\backgrounddownloader.exe | 
"TCP Query User{BC7C8622-66AC-46A4-B0A6-444445BC9018}D:\dateien\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=d:\dateien\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{C2594F94-EF89-4D5C-9ACE-A0286B7C2D6D}D:\programme\tera\tera-launcher.exe" = protocol=6 | dir=in | app=d:\programme\tera\tera-launcher.exe | 
"TCP Query User{C37CE2ED-8DAB-4D9B-BDAF-8F3421B323D1}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{CF5B2D7B-0021-4DF1-B82F-43878DEC28EE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{D1577CE9-5FD3-4B55-A74D-00E43C12FD23}D:\programme\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=d:\programme\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe | 
"TCP Query User{D2828033-84F2-4CAD-9BAA-680BACB84F83}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{E0095E1E-BAA6-46B6-97A6-2EA1895BF55A}D:\dateien\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=d:\dateien\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{E46F948F-0689-41E0-B764-E7EDD7A16BB3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{E4BE866C-2457-4BA8-834A-A96FB92BBBD1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{F4CBE25F-D318-4614-93FB-E83381D383D8}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{FA2EEEDE-F0AF-4C06-BA45-CC53E19E6AAB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0063800A-819F-4392-85F2-1A3403BF0B57}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{040A0B20-5B3D-4FB7-B673-49ED54522513}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{15A1C0E5-2DA2-4C30-8C8B-800E7B822410}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{16CA4A43-2888-4309-826A-D5E623415FA4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{1B967B4B-F377-4D66-A8D7-70B0D8431AC3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{3D8880EC-D8CA-452A-BBDA-23314FAAD6BA}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{3F93A179-06CF-4A90-9E3C-2EF916C18383}D:\dateien\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=d:\dateien\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{427474A0-5AD2-4392-BA41-4A5F673D859F}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"UDP Query User{495D8E77-AA7A-47CC-B660-C090AC2DE9ED}D:\programme\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=d:\programme\world of warcraft public test\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe | 
"UDP Query User{53BDA417-836D-4734-9D29-6116C2A07361}D:\programme\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=d:\programme\world of warcraft public test\temp\wow-4.2.1.2588-enus-ptr-tools-downloader.exe | 
"UDP Query User{5DB052DE-2544-4002-AD0F-45583C5D0AE5}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{5E401F9D-2B80-4B55-B7D0-C9EEB5D6AC22}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{63D67ABB-CA84-4757-8D33-83A985DB6597}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{6A4D1A22-F538-4C14-A327-2DA961627A47}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{6AD85736-A79C-4901-A701-B6D2EA54D5EE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{6F4458F0-7666-4BDE-A0E3-A6A6B0351A8A}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"UDP Query User{724075F6-0324-4772-A4AD-B5710E5569D3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{78042510-9767-4302-A0CD-709952E6CBC1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{82F5DFD9-D5F1-4D91-907C-06BB3C1D4DFD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{85E109FF-E75F-4F6D-B4DA-EC0EBC199605}C:\programdata\battle.net\agent\agent.954\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"UDP Query User{975641AB-70E1-48E1-91E3-2DFFF84D2678}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{A0835697-5E4A-4F3A-944D-38F52C15A85A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{A316C979-86B8-458D-BAEC-EA246A92042C}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{A598B5F3-61E6-4F19-B300-A3916E9D753F}D:\dateien\downloads\ptr-installer-de_de(1).exe" = protocol=17 | dir=in | app=d:\dateien\downloads\ptr-installer-de_de(1).exe | 
"UDP Query User{BD683F49-467D-4457-B39B-D3A498D099E0}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"UDP Query User{C92CEFD0-5654-4D3B-97E9-1674DA3222F6}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{E8767B7A-020E-4CB1-A7CE-7EC1F22C57C6}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{F8F46BAE-C903-4C77-A8B8-5BB6F0DD72C1}D:\programme\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\programme\world of warcraft public test\backgrounddownloader.exe | 
"UDP Query User{FA24B8A2-51B2-4F33-8699-43174AEDC766}D:\dateien\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=d:\dateien\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{FD04B7F8-292E-474B-B751-1DAE9DC9CFDC}D:\programme\tera\tera-launcher.exe" = protocol=17 | dir=in | app=d:\programme\tera\tera-launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{087BEB30-5324-4615-A097-51DB44EC5B71}" = O&O Defrag Professional Edition
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96152E7C-E450-4B6A-96D0-5013C81DDE88}" = O&O DiskImage Professional
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SearchAnonymizer" = SearchAnonymizer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"5513-1208-7298-9440" = JDownloader 0.9
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"avast" = avast! Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.0.2
"Diablo III" = Diablo III
"Diablo III Beta" = Diablo III Beta
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0512.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"mIRC" = mIRC
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MySSID_is1" = EXPERTool 7.20
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SpeedFan" = SpeedFan (remove only)
"Steam App 71340" = Sonic Generations
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"101a9f93b8f0bb6f" = Curse Client - 1 
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.07.2012 19:21:19 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: PriceGongIE.dll_unloaded, 
Version: 0.0.0.0, Zeitstempel: 0x4e8d7e1a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05b05381
ID
 des fehlerhaften Prozesses: 0x95120  Startzeit der fehlerhaften Anwendung: 0x01cd5bce0ba52509
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: PriceGongIE.dll  Berichtskennung: 4a009fc2-c7c1-11e1-9fff-50e5493d8fcb
 
Error - 07.07.2012 18:50:25 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12fc    Startzeit:
 01cd5c2589bca16f    Endzeit: 46    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 21e9a431-c886-11e1-8af3-50e5493d8fcb  
 
Error - 08.07.2012 16:36:56 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.3.4.15595 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 316e8    Startzeit:
 01cd5d12c46f4f83    Endzeit: 167    Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow.exe

Berichts-ID:
 a70180e9-c93c-11e1-a2e3-50e5493d8fcb  
 
Error - 08.07.2012 16:39:50 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.3.4.15595 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 319a0    Startzeit:
 01cd5d49708b78b9    Endzeit: 132    Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow.exe

Berichts-ID:
 0e1c9936-c93d-11e1-a2e3-50e5493d8fcb  
 
Error - 09.07.2012 12:44:28 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
 Version: 11.3.300.262, Zeitstempel: 0x4fe20fae  Name des fehlerhaften Moduls: unknown,
 Version: 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x6a5ef4e8  ID des fehlerhaften Prozesses: 0xc94  Startzeit der fehlerhaften Anwendung:
 0x01cd5db52b97bb86  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 5905bcab-c9e5-11e1-bda7-50e5493d8fcb
 
Error - 09.07.2012 15:33:36 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
 Version: 11.3.300.262, Zeitstempel: 0x4fe20fae  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
 Version: 11.3.300.262, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00066329  ID des fehlerhaften Prozesses: 0x3be0  Startzeit der fehlerhaften Anwendung:
 0x01cd5df2212ac812  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
 f95d7ffc-c9fc-11e1-bda7-50e5493d8fcb
 
Error - 12.07.2012 13:59:53 | Computer Name = *****-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 4.3.4.15595 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1124    Startzeit:
 01cd601e9942912a    Endzeit: 139    Anwendungspfad: C:\Program Files (x86)\World of Warcraft\Wow.exe

Berichts-ID:
 5e0f3f35-cc4b-11e1-bb19-50e5493d8fcb  
 
Error - 13.07.2012 09:33:31 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x004923d1  ID des fehlerhaften Prozesses: 0x149c  Startzeit der fehlerhaften Anwendung:
 0x01cd60e642089012  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 55fbddca-ccef-11e1-bcb2-50e5493d8fcb
 
Error - 14.07.2012 18:21:12 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d1e2f  ID des fehlerhaften Prozesses: 0x4e2b8  Startzeit der fehlerhaften Anwendung:
 0x01cd61eee89dcec9  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 37cfa5a1-ce02-11e1-b4aa-50e5493d8fcb
 
Error - 15.07.2012 18:01:36 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d1e2f  ID des fehlerhaften Prozesses: 0x175c  Startzeit der fehlerhaften Anwendung:
 0x01cd626b477c99ec  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 a53af419-cec8-11e1-b176-50e5493d8fcb
 
[ System Events ]
Error - 11.02.2012 05:10:14 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.02.2012 12:38:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 15.02.2012 12:38:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 24.02.2012 13:00:06 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 24.02.2012 13:00:06 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12.03.2012 20:35:06 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.03.2012 09:41:25 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 16.03.2012 09:41:25 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.03.2012 12:36:00 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 22.03.2012 12:36:00 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---


Alt 16.07.2012, 21:26   #6
t'john
/// Helfer-Team
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2851647 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0 
IE - HKCU\..\SearchScopes\{2566957A-16E8-4339-9B91-05DB5F2B7807}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{3894EEBA-B6AD-4A8A-9D53-DCEC482328FF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYAT&apn_uid=426d6a37-9c82-4f8f-be79-441591f4f603&apn_sauid=6BF3E96D-0B5D-40C1-BAA6-0F8E2431B95C& 
IE - HKCU\..\SearchScopes\{38C40013-F385-460e-B824-A759E977974F}: "URL" = http://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2666723D6368722D646576696365766D26747970653D494542445356&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0 
IE - HKCU\..\SearchScopes\{43F30D83-BA0F-4C01-AE30-FFD1DFE503FA}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{51EA166B-19D1-47a4-B493-838DA2C4468C}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D53504C4252312670633D53504C48&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&k=0 
IE - HKCU\..\SearchScopes\{69137DA5-E12D-4A61-A570-226BB4711739}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{69F72CA8-9755-4366-BE99-32AEE2007904}: "URL" = [String data over 1000 bytes] 
IE - HKCU\..\SearchScopes\{9CCA4782-13D8-413D-A4B6-FF6A899D4AC2}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{BEDE02D2-021F-443A-8938-AD5A0A9957BB}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{C042E938-E1C9-41EB-903A-84B73995C4C1}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 
IE - HKCU\..\SearchScopes\{FC8733BE-6E86-471D-8763-34ECA48392FF}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=62a06aa6-791a-45db-97eb-ed2c09e570df&pid=murb&mode=bounce&k=0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "uTorrentBar_DE Customized Web Search" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.google.at/" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () 
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSETUP.EXE 

[2012.07.16 18:52:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad 
[2012.07.16 18:53:05 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.07.16 18:53:05 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.07.16 18:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.16 18:40:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
--> Polizeivirus ding..

Alt 16.07.2012, 21:47   #7
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2566957A-16E8-4339-9B91-05DB5F2B7807}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2566957A-16E8-4339-9B91-05DB5F2B7807}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3894EEBA-B6AD-4A8A-9D53-DCEC482328FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3894EEBA-B6AD-4A8A-9D53-DCEC482328FF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38C40013-F385-460e-B824-A759E977974F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38C40013-F385-460e-B824-A759E977974F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{43F30D83-BA0F-4C01-AE30-FFD1DFE503FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43F30D83-BA0F-4C01-AE30-FFD1DFE503FA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51EA166B-19D1-47a4-B493-838DA2C4468C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51EA166B-19D1-47a4-B493-838DA2C4468C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69137DA5-E12D-4A61-A570-226BB4711739}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69137DA5-E12D-4A61-A570-226BB4711739}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69F72CA8-9755-4366-BE99-32AEE2007904}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F72CA8-9755-4366-BE99-32AEE2007904}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CCA4782-13D8-413D-A4B6-FF6A899D4AC2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CCA4782-13D8-413D-A4B6-FF6A899D4AC2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BEDE02D2-021F-443A-8938-AD5A0A9957BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEDE02D2-021F-443A-8938-AD5A0A9957BB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C042E938-E1C9-41EB-903A-84B73995C4C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C042E938-E1C9-41EB-903A-84B73995C4C1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC8733BE-6E86-471D-8763-34ECA48392FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC8733BE-6E86-471D-8763-34ECA48392FF}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "uTorrentBar_DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "uTorrentBar_DE Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.at/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07b0d8b1-c540-11e0-8f9a-806e6f6e6963}\ not found.
File E:\CDSETUP.EXE not found.
C:\ProgramData\to_r0tsef.pad moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File C:\ProgramData\to_r0tsef.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Bakura\Desktop\cmd.bat deleted successfully.
C:\Users\Bakura\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bakura
->Temp folder emptied: 666667549 bytes
->Temporary Internet Files folder emptied: 278965489 bytes
->Java cache emptied: 28319223 bytes
->FireFox cache emptied: 141527860 bytes
->Flash cache emptied: 71394 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30834952 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 512556585 bytes
 
Total Files Cleaned = 1.582,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Bakura
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_014036

Files\Folders moved on Reboot...
C:\Users\Bakura\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\300x250iframeintlv2[1].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\AdDisplayTrackerServlet[9].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\button-flex-blue2[1].png moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\emily[1].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\AdDisplayTrackerServlet[10].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\api[1].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\background_banner_7_de[1].jpg moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\data_sync[1].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\dppix[1].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\freq[5].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\syncuppixels[1].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\tick-blue[1].png moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\AdDisplayTrackerServletCA1F5IXS.htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\addons-tracker-v4[2].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\api[2].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\background-banner-right-v9[1].jpg moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\AdDisplayTrackerServletCAWODYU6.htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\addons-v4[2].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\background-banner-middle-v9[1].jpg moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\ddc[2].htm moved successfully.
C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\pixel[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Bakura\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\300x250iframeintlv2[1].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\AdDisplayTrackerServlet[9].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\button-flex-blue2[1].png not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXMWTN2G\emily[1].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\AdDisplayTrackerServlet[10].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\api[1].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\background_banner_7_de[1].jpg not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\data_sync[1].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\dppix[1].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\freq[5].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\syncuppixels[1].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABYH980M\tick-blue[1].png not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\AdDisplayTrackerServletCA1F5IXS.htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\addons-tracker-v4[2].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\api[2].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M1U5IYE\background-banner-right-v9[1].jpg not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\AdDisplayTrackerServletCAWODYU6.htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\addons-v4[2].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\background-banner-middle-v9[1].jpg not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\ddc[2].htm not found!
File C:\Users\Bakura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5333ZDP9\pixel[1].htm not found!

Registry entries deleted on Reboot...
         

Alt 16.07.2012, 21:48   #8
t'john
/// Helfer-Team
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Sehr gut!

Wie laeuft der Rechner?

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.07.2012, 21:58   #9
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



in all der aufregung hab ich gemerkt dass bei meinem vorletzten code eine externe festplatte nicht dran war... -.- hoff das wirkt sich nicht zu negativ aus.. bin son trottel :X malware und so hat die festplatte aber keine..

bisher rennt der pc super

Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/17/2012 at 01:57:32
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ***** - *****-PC
# Running from : D:\Dateien\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\*****\AppData\Local\Conduit
Folder Found : C:\Users\*****\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\*****\AppData\LocalLow\Conduit
Folder Found : C:\Users\*****\AppData\LocalLow\PriceGong
Folder Found : C:\Users\*****\AppData\LocalLow\uTorrentBar_DE
Folder Found : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\ConduitCommon
Folder Found : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\uTorrentBar_DE
File Found : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\Askcom.xml
File Found : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Found : HKLM\SOFTWARE\uTorrentBar_DE
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\prefs.js

Found : user_pref("CT2851647..clientLogIsEnabled", false);
Found : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2851647.CTID", "CT2851647");
Found : user_pref("CT2851647.CurrentServerDate", "6-5-2012");
Found : user_pref("CT2851647.DSInstall", true);
Found : user_pref("CT2851647.DialogsAlignMode", "LTR");
Found : user_pref("CT2851647.DialogsGetterLastCheckTime", "Sat May 05 2012 23:57:02 GMT+0200");
Found : user_pref("CT2851647.DownloadReferralCookieData", "");
Found : user_pref("CT2851647.EMailNotifierPollDate", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.FeedLastCount2532783744689806690", 177);
Found : user_pref("CT2851647.FeedPollDate2429156812186649977", "Sun May 06 2012 00:57:01 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813040823546", "Sun May 06 2012 00:57:03 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813130095866", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813224203613", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813230837251", "Sun May 06 2012 00:57:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813454291735", "Sun May 06 2012 00:57:03 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813729834876", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156813860870021", "Sun May 06 2012 00:57:01 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156814264681793", "Sun May 06 2012 00:57:04 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156814863075366", "Sun May 06 2012 00:57:00 GMT+0200");
Found : user_pref("CT2851647.FeedPollDate2429156815257761081", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2851647.FirstServerDate", "6-5-2012");
Found : user_pref("CT2851647.FirstTime", true);
Found : user_pref("CT2851647.FirstTimeFF3", true);
Found : user_pref("CT2851647.FixPageNotFoundErrors", true);
Found : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2851647.HPInstall", true);
Found : user_pref("CT2851647.HasUserGlobalKeys", true);
Found : user_pref("CT2851647.HomePageProtectorEnabled", true);
Found : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=[...]
Found : user_pref("CT2851647.Initialize", true);
Found : user_pref("CT2851647.InitializeCommonPrefs", true);
Found : user_pref("CT2851647.InstallationAndCookieDataSentCount", 2);
Found : user_pref("CT2851647.InstallationId", "fft8A5A.tmp.exe");
Found : user_pref("CT2851647.InstallationType", "XPE");
Found : user_pref("CT2851647.InstalledDate", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.IsGrouping", false);
Found : user_pref("CT2851647.IsInitSetupIni", true);
Found : user_pref("CT2851647.IsMulticommunity", false);
Found : user_pref("CT2851647.IsOpenThankYouPage", true);
Found : user_pref("CT2851647.IsOpenUninstallPage", false);
Found : user_pref("CT2851647.IsProtectorsInit", true);
Found : user_pref("CT2851647.LanguagePackLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2851647.LastLogin_3.12.0.8", "Sat May 05 2012 23:57:31 GMT+0200");
Found : user_pref("CT2851647.LatestVersion", "3.12.2.3");
Found : user_pref("CT2851647.Locale", "de");
Found : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Found : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Found : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8");
Found : user_pref("CT2851647.SavedHomepage", "www.google.at");
Found : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Found : user_pref("CT2851647.SearchEngineBeforeUnload", "uTorrentBar_DE Customized Web Search");
Found : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Found : user_pref("CT2851647.SearchInNewTabEnabled", true);
Found : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2851647.SearchProtectorEnabled", true);
Found : user_pref("CT2851647.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Found : user_pref("CT2851647.ServiceMapLastCheckTime", "Sat May 05 2012 23:56:59 GMT+0200");
Found : user_pref("CT2851647.SettingsLastCheckTime", "Sat May 05 2012 23:56:59 GMT+0200");
Found : user_pref("CT2851647.SettingsLastUpdate", "1334672272");
Found : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Found : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Sat May 05 2012 23:56:59 GMT+0200");
Found : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2851647.ToolbarDisabled", true);
Found : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Found : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2851647.UserID", "UN02360025128405274");
Found : user_pref("CT2851647.WeatherNetwork", "");
Found : user_pref("CT2851647.WeatherPollDate", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.WeatherUnit", "C");
Found : user_pref("CT2851647.alertChannelId", "1243681");
Found : user_pref("CT2851647.autoDisableScopes", -1);
Found : user_pref("CT2851647.backendstorage.cbcountry_000", "4154");
Found : user_pref("CT2851647.backendstorage.cbfirsttime", "536174204D617920303520323031322032333A35373A30342[...]
Found : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Found : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2851647.initDone", true);
Found : user_pref("CT2851647.isAppTrackingManagerOn", true);
Found : user_pref("CT2851647.myStuffEnabled", true);
Found : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2851647.navigateToUrlOnSearch", false);
Found : user_pref("CT2851647.revertSettingsEnabled", true);
Found : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Found : user_pref("CT2851647.testingCtid", "");
Found : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Found : user_pref("CT2851647.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851647&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_DE Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\*****\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Found : user_pref("CommunityToolbar.globalUserId", "e1bcff21-0e4c-4294-ba75-12517c8c3274");
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");
Found : user_pref("CommunityToolbar.originalHomepage", "www.google.at");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");

*************************

AdwCleaner[R1].txt - [13517 octets] - [17/07/2012 01:57:32]

########## EOF - C:\AdwCleaner[R1].txt - [13646 octets] ##########
         
push und so

Geändert von Arganthos (16.07.2012 um 22:04 Uhr)

Alt 17.07.2012, 16:44   #10
t'john
/// Helfer-Team
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.07.2012, 18:05   #11
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



danke auf jedenfall für die ganze hilfe.. aber die frage hast du mir nicht beantwortet^^ dass meine externe Festplatte kurzzeitig ausgesteckt war - macht das was? war glaub bei einem OTL Test nich dabei - weiß nicht ob das was bedeutet oder nicht..

Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/17/2012 at 18:38:29
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ***** - *****-PC
# Running from : D:\Dateien\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\*****\AppData\Local\Conduit
Folder Deleted : C:\Users\*****\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\*****\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\*****\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\*****\AppData\LocalLow\uTorrentBar_DE
Folder Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\ConduitCommon
Folder Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentBar_DE
File Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\Askcom.xml
File Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Deleted : HKLM\SOFTWARE\uTorrentBar_DE

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3tpghtf2.default\prefs.js

Deleted : user_pref("CT2851647..clientLogIsEnabled", false);
Deleted : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2851647.CTID", "CT2851647");
Deleted : user_pref("CT2851647.CurrentServerDate", "6-5-2012");
Deleted : user_pref("CT2851647.DSInstall", true);
Deleted : user_pref("CT2851647.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2851647.DialogsGetterLastCheckTime", "Sat May 05 2012 23:57:02 GMT+0200");
Deleted : user_pref("CT2851647.DownloadReferralCookieData", "");
Deleted : user_pref("CT2851647.EMailNotifierPollDate", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.FeedLastCount2532783744689806690", 177);
Deleted : user_pref("CT2851647.FeedPollDate2429156812186649977", "Sun May 06 2012 00:57:01 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813040823546", "Sun May 06 2012 00:57:03 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813130095866", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813224203613", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813230837251", "Sun May 06 2012 00:57:00 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813454291735", "Sun May 06 2012 00:57:03 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813729834876", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156813860870021", "Sun May 06 2012 00:57:01 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156814264681793", "Sun May 06 2012 00:57:04 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156814863075366", "Sun May 06 2012 00:57:00 GMT+0200");
Deleted : user_pref("CT2851647.FeedPollDate2429156815257761081", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2851647.FirstServerDate", "6-5-2012");
Deleted : user_pref("CT2851647.FirstTime", true);
Deleted : user_pref("CT2851647.FirstTimeFF3", true);
Deleted : user_pref("CT2851647.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2851647.HPInstall", true);
Deleted : user_pref("CT2851647.HasUserGlobalKeys", true);
Deleted : user_pref("CT2851647.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=[...]
Deleted : user_pref("CT2851647.Initialize", true);
Deleted : user_pref("CT2851647.InitializeCommonPrefs", true);
Deleted : user_pref("CT2851647.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2851647.InstallationId", "fft8A5A.tmp.exe");
Deleted : user_pref("CT2851647.InstallationType", "XPE");
Deleted : user_pref("CT2851647.InstalledDate", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.IsGrouping", false);
Deleted : user_pref("CT2851647.IsInitSetupIni", true);
Deleted : user_pref("CT2851647.IsMulticommunity", false);
Deleted : user_pref("CT2851647.IsOpenThankYouPage", true);
Deleted : user_pref("CT2851647.IsOpenUninstallPage", false);
Deleted : user_pref("CT2851647.IsProtectorsInit", true);
Deleted : user_pref("CT2851647.LanguagePackLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2851647.LastLogin_3.12.0.8", "Sat May 05 2012 23:57:31 GMT+0200");
Deleted : user_pref("CT2851647.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2851647.Locale", "de");
Deleted : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT2851647.SavedHomepage", "www.google.at");
Deleted : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");
Deleted : user_pref("CT2851647.SearchEngineBeforeUnload", "uTorrentBar_DE Customized Web Search");
Deleted : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2851647.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2851647.SearchProtectorEnabled", true);
Deleted : user_pref("CT2851647.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2851647.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2851647.ServiceMapLastCheckTime", "Sat May 05 2012 23:56:59 GMT+0200");
Deleted : user_pref("CT2851647.SettingsLastCheckTime", "Sat May 05 2012 23:56:59 GMT+0200");
Deleted : user_pref("CT2851647.SettingsLastUpdate", "1334672272");
Deleted : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
Deleted : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Sat May 05 2012 23:56:59 GMT+0200");
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2851647.ToolbarDisabled", true);
Deleted : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Deleted : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2851647.UserID", "UN02360025128405274");
Deleted : user_pref("CT2851647.WeatherNetwork", "");
Deleted : user_pref("CT2851647.WeatherPollDate", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.WeatherUnit", "C");
Deleted : user_pref("CT2851647.alertChannelId", "1243681");
Deleted : user_pref("CT2851647.autoDisableScopes", -1);
Deleted : user_pref("CT2851647.backendstorage.cbcountry_000", "4154");
Deleted : user_pref("CT2851647.backendstorage.cbfirsttime", "536174204D617920303520323031322032333A35373A30342[...]
Deleted : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2851647.initDone", true);
Deleted : user_pref("CT2851647.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2851647.myStuffEnabled", true);
Deleted : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2851647.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2851647.revertSettingsEnabled", true);
Deleted : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2851647.testingCtid", "");
Deleted : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Sat May 05 2012 23:57:00 GMT+0200");
Deleted : user_pref("CT2851647.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851647&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_DE Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9b[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\*****\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Deleted : user_pref("CommunityToolbar.globalUserId", "e1bcff21-0e4c-4294-ba75-12517c8c3274");
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");
Deleted : user_pref("CommunityToolbar.originalHomepage", "www.google.at");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");

*************************

AdwCleaner[R1].txt - [13634 octets] - [17/07/2012 01:57:32]
AdwCleaner[S1].txt - [13330 octets] - [17/07/2012 18:38:29]

########## EOF - C:\AdwCleaner[S1].txt - [13459 octets] ##########
         
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 17.07.2012 18:42:51

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	17.07.2012 18:42:59

D:\Dateien\Downloads\USB_MultiBoot2\USB_MultiBoot2\U_CONTENT\wintools\othertools\shman.exe 	gefunden: Riskware.PSWTool.Win32.IEPassView.ah!E1

Gescannt	638172
Gefunden	1

Scan Ende:	17.07.2012 19:03:36
Scan Zeit:	0:20:37
         

Alt 17.07.2012, 19:50   #12
t'john
/// Helfer-Team
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Sehr gut!

Entferne den Fund.

Zitat:
dass meine externe Festplatte kurzzeitig ausgesteckt war
war sie bei den sonstigen scans dabei? dann kein problem.


Lasse SUPERAntiSpyware laufen: http://www.trojaner-board.de/51871-a...tispyware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.07.2012, 19:57   #13
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



also bei Malwarebytes etc wars dabei, und bei den jetzigen scans auch

Alt 17.07.2012, 20:04   #14
t'john
/// Helfer-Team
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



Gut, melde dich wieder mit dem SUPERAntiSpyware Log - http://www.trojaner-board.de/119659-...tml#post867617
__________________
Mfg, t'john
Das TB unterstützen

Alt 22.07.2012, 20:10   #15
Arganthos
 
Polizeivirus ding.. - Standard

Polizeivirus ding..



soo sorry konnte paar tage nicht

hier die SuperAntySpyware Logs. Paar seltsame Internetseiten und so dabei oO

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/22/2012 at 09:07 PM

Application Version : 5.5.1006

Core Rules Database Version : 8939
Trace Rules Database Version: 6751

Scan type       : Complete Scan
Total Scan Time : 00:50:35

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 651
Memory threats detected   : 0
Registry items scanned    : 69557
Registry threats detected : 0
File items scanned        : 243260
File threats detected     : 534

Adware.Tracking Cookie
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\5WYXXWYF.txt [ /fastclick.net ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\WQD4SYDU.txt [ /bs.serving-sys.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\REY1SNI6.txt [ /ad.360yield.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\9XNP59XC.txt [ /media6degrees.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\WFZJBK8B.txt [ /zanox.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\1B5CVAKX.txt [ /lucidmedia.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\GDMQQE01.txt [ /yieldmanager.net ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\BZHHAVCW.txt [ /mediaplex.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\LZS3F3BK.txt [ /ad.ad-srv.net ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\R8NVANE5.txt [ /imrworldwide.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\XU6K4Z8P.txt [ /serving-sys.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\J3CAYFT6.txt [ /atdmt.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\QTD7UK0T.txt [ /ru4.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\QDF45HHW.txt [ /adbrite.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\LHTF1M4V.txt [ /microsoftwllivemkt.112.2o7.net ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\EHQNTDPF.txt [ /revsci.net ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\OS588CKK.txt [ /doubleclick.net ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\MGTMT3V6.txt [ /advertising.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\XAM7SCGN.txt [ /invitemedia.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\W4K2SV4F.txt [ /adserver.adtechus.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\IE28JWIH.txt [ /ad.zanox.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\480Q4UVA.txt [ /ads.pubmatic.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\OFLCB6DC.txt [ /apmebf.com ]
	C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\FQQKMSAX.txt [ /ad.yieldmanager.com ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\UQP5NLO5.txt [ Cookie:*****@tomtailor.dyntracker.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\037C7QOC.txt [ Cookie:*****@webmasterplan.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\RIP9451H.txt [ Cookie:*****@statcounter.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\3VFQMDRO.txt [ Cookie:*****@lucidmedia.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\ENUW3G7E.txt [ Cookie:*****@mediaplex.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\UI38ZFXQ.txt [ Cookie:*****@a.revenuemax.de/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\QZ2T9U5D.txt [ Cookie:*****@imrworldwide.com/cgi-bin ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\B6QJWDXQ.txt [ Cookie:*****@track.effiliation.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\1NPRTNYI.txt [ Cookie:*****@atdmt.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\JA2A9N1Y.txt [ Cookie:*****@liveperson.net/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\XVAJD0FY.txt [ Cookie:*****@server.lon.liveperson.net/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\AFPE5U14.txt [ Cookie:*****@ad4.adfarm1.adition.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\EZJRAPKV.txt [ Cookie:*****@ru4.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\8XJ7WW12.txt [ Cookie:*****@ad.adnet.de/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\CDFYRSNX.txt [ Cookie:*****@adx.chip.de/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\J21GU0F0.txt [ Cookie:*****@adnetwork.net/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\MXVF63VB.txt [ Cookie:*****@doubleclick.net/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\JZIEYTE5.txt [ Cookie:*****@tracking.quisma.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\7PSXDG61.txt [ Cookie:*****@ad2.adfarm1.adition.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\73TRVKYC.txt [ Cookie:*****@invitemedia.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\PJBGFPN8.txt [ Cookie:*****@track.effiliation.com/servlet/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\XWB7X0B0.txt [ Cookie:*****@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\64K8J6G2.txt [ Cookie:*****@ad.zanox.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\TN2V77PC.txt [ Cookie:*****@adlegend.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\PIENWMDI.txt [ Cookie:*****@adform.net/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\I7BSCOPF.txt [ Cookie:*****@adfarm1.adition.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\N0NYRSIJ.txt [ Cookie:*****@ad.yieldmanager.com/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\0CKELEI6.txt [ Cookie:*****@eas.apm.emediate.eu/ ]
	C:\USERS\*****\AppData\Roaming\Microsoft\Windows\Cookies\Low\A0Q9QX1O.txt [ Cookie:*****@track.adform.net/ ]
	C:\USERS\*****\Cookies\WQD4SYDU.txt [ Cookie:*****@bs.serving-sys.com/ ]
	C:\USERS\*****\Cookies\1B5CVAKX.txt [ Cookie:*****@lucidmedia.com/ ]
	C:\USERS\*****\Cookies\GDMQQE01.txt [ Cookie:*****@yieldmanager.net/ ]
	C:\USERS\*****\Cookies\BZHHAVCW.txt [ Cookie:*****@mediaplex.com/ ]
	C:\USERS\*****\Cookies\R8NVANE5.txt [ Cookie:*****@imrworldwide.com/cgi-bin ]
	C:\USERS\*****\Cookies\J3CAYFT6.txt [ Cookie:*****@atdmt.com/ ]
	C:\USERS\*****\Cookies\QTD7UK0T.txt [ Cookie:*****@ru4.com/ ]
	C:\USERS\*****\Cookies\LHTF1M4V.txt [ Cookie:*****@microsoftwllivemkt.112.2o7.net/ ]
	C:\USERS\*****\Cookies\OS588CKK.txt [ Cookie:*****@doubleclick.net/ ]
	C:\USERS\*****\Cookies\MGTMT3V6.txt [ Cookie:*****@advertising.com/ ]
	C:\USERS\*****\Cookies\XAM7SCGN.txt [ Cookie:*****@invitemedia.com/ ]
	C:\USERS\*****\Cookies\W4K2SV4F.txt [ Cookie:*****@adserver.adtechus.com/ ]
	C:\USERS\*****\Cookies\IE28JWIH.txt [ Cookie:*****@ad.zanox.com/ ]
	C:\USERS\*****\Cookies\FQQKMSAX.txt [ Cookie:*****@ad.yieldmanager.com/ ]
	s0.2mdn.net [ C:\USERS\*****\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y4QPDY2S ]
	static.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y4QPDY2S ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adxpose.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.crakmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.game-advertising-online.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	uk.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.harrenmedianetwork.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.googleads.g.doubleclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.freaks-toplist.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ads.247activemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ibanner.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.a.revenuemax.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adserver.adtechus.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mm.chitika.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ads.saymedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ads.saymedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adnet.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	freepornoshop.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.xm.xtendmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.sexad.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pornhub.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	eas4.emediate.eu [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pro-market.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.momisnaked.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	uk.sitestat.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track71.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.technoratimedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.technoratimedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.aim4media.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track1.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track2.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.shop2market.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.parship.122.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track2.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track2.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	optimize.indieclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.weborama.fr [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.velux.solution.weborama.fr [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.velux.solution.weborama.fr [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.velux.solution.weborama.fr [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.velux.solution.weborama.fr [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adnetwork.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.teen.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.teen.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.teen.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.teen.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	dk-adserver.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tto2.traffictrack.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track12.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track13.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track1.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track1.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track12.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track1.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track13.solocpm.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track1.httptrack.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	server.adformdsp.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	server.adformdsp.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adformdsp.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.edsa.122.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mediafire.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.4stats.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.4stats.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	insight.torbit.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	mediaservices-d.openxenterprise.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	adserver.lanxess-arena.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.www.burstnet.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.quartermedia.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	de-fourmedia.videoplaza.tv [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.microsoftsto.112.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	butlers.traffective-tracking.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.retrogamer.dl.mywebsearch.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mywebsearch.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	zbox.zanox.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.realmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.uk.at.atwola.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.uk.at.atwola.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.evaangelinaxxx.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.evaangelinaxxx.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	pictures.pornskirts.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pictures.pornskirts.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pictures.pornskirts.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.sexkontakt-at.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.sexkontakt-at.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.sexkontakt-at.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pornskirts.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pornskirts.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adxpansion.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.sexypages.at [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.sexypages.at [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	tracking.hostgator.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.yieldmanager.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.flagcounter.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.burstnet.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	gr.burstnet.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	account.tera-europe.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adlegend.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.a1.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.a1.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.a1.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.a1.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pornofilmpjes.nl [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.pornofilmpjes.nl [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.queerclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.queerclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.queerclick.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	a.clickclicknetwork.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	butlers.traffective-tracking.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	butlers.traffective-tracking.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	butlers.traffective-tracking.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	butlers.traffective-tracking.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	butlers.traffective-tracking.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.c5.zedo.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	tomtailor.dyntracker.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www6.addfreestats.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.zanox-affiliate.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	dc.tremormedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.statsq.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.adition.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	www.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.eporner.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ads.crakmedia.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ox-d.secure-clicks.org [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3TPGHTF2.DEFAULT\COOKIES.SQLITE ]
         

Antwort

Themen zu Polizeivirus ding..
.exe, 100 euro, andere, benötige, beste, bytes, downloaden, euro, forum, geschwindigkeit, hello, leitung, möglichkeit, otlpe, otlpenet.exe, paysafecard, polizei, polizei virus, polizeivirus, schei, server, virus



Ähnliche Themen: Polizeivirus ding..


  1. Wie werde ich das Ding wieder los ?
    Plagegeister aller Art und deren Bekämpfung - 22.03.2015 (4)
  2. wie werde ich das Ding wieder los 2
    Log-Analyse und Auswertung - 22.09.2014 (41)
  3. Mysteriöser Ding Ding Sound unter Windows 7
    Plagegeister aller Art und deren Bekämpfung - 21.02.2014 (13)
  4. InCrediBar - wie werd ich das Ding wieder los?
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (27)
  5. ein geiles ding :)
    Alles rund um Windows - 20.11.2007 (2)
  6. MSN Ding die xte
    Plagegeister aller Art und deren Bekämpfung - 03.07.2007 (4)
  7. Wie werde ich das Ding los?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2007 (3)
  8. msn ding nochmal
    Mülltonne - 29.04.2007 (0)
  9. Swizzor.A -> wie werde ich das ding los !!!!!!!
    Plagegeister aller Art und deren Bekämpfung - 15.04.2006 (2)
  10. Wieder mal ein komisches Ding eingefangen
    Plagegeister aller Art und deren Bekämpfung - 07.02.2006 (6)
  11. Bekomm das Ding net weg
    Log-Analyse und Auswertung - 10.07.2005 (3)
  12. Übles Ding!!
    Plagegeister aller Art und deren Bekämpfung - 20.05.2005 (7)
  13. BDS/AgentAY Wie werde ich das Ding los?
    Log-Analyse und Auswertung - 14.05.2005 (8)
  14. startpage-gw!!! wie werde ich das ding los???
    Log-Analyse und Auswertung - 04.04.2005 (4)
  15. Das fiese Ding will nicht weg!
    Plagegeister aller Art und deren Bekämpfung - 01.02.2005 (9)
  16. TR/Dldr.VBS.Ps.AC.4 Wie kriege ich das Ding weg??
    Plagegeister aller Art und deren Bekämpfung - 20.12.2004 (6)

Zum Thema Polizeivirus ding.. - Hello also ich habe diesen Polizei Virus, der mich auffordert 100 euro per paysafecard zu zahlen.. hab nun schon über dieses forum erfahren dass ich diese otlpenet.exe benötige, aber wenn - Polizeivirus ding.....
Archiv
Du betrachtest: Polizeivirus ding.. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.