
Log analysis and evaluation: Facebook trojan: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini)


20.08.2012, 20:42   #1
sukai
 

Hello, first of all.

So, about my problem: early this morning I received a message on Facebook from a friend with a screensaver as an attachment, and when I tried to open it, it didn't work; I didn't think anything more of it and deleted it. When I switched the laptop back on a few hours later, McAfee told me that I had a trojan on the PC and that the problem would be fixed if I restarted, but it wasn't, because the message kept coming back. I restarted about 5 times, but nothing changed. I then googled a bit and read that there are various trojan removers, so I tried two of them without success: one was called Trojan Remover and the other was McAfee Stinger, and both were up to date as of 17.08.12. Both reported under findings: Master Boot Records: 1; Boot Sector: 1. I also set Stinger to delete, but that didn't help either, because the virus could still be found afterwards. Now I hope you can help me further.

So these are the two trojans:

Desktop.ini (C:\\Windows\assembly\GAC_64\Desktop.ini)
Desktop.ini (C:\\Windows\assembly\GAC_32\Desktop.ini)

And the logfile (created with OTL) is here; unfortunately I couldn't upload it because it was too large. Unfortunately I don't know what to do with it, so if there is anything I can do, please write to me.

OTL Logfile:
Code:
OTL logfile created on: 20.08.2012 20:23:09 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Saskia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,77% Memory free
7,80 Gb Paging File | 5,31 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,63 Gb Total Space | 398,46 Gb Free Space | 88,82% Space Free | Partition Type: NTFS
 
Computer Name: SASKIA-VAIO | User Name: Saskia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Saskia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV - (McODS) -- C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (MOBK649backup) -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAWFwk) -- c:\Programme\McAfee\MSC\McAWFwk.exe (McAfee, Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_VDP) -- C:\Windows\SysNative\drivers\btath_vdp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MOBK649Filter) -- C:\Windows\SysNative\drivers\MOBK649.sys (Mozy, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{C5260BA0-983F-44BA-995E-0C3189EBBF55}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.08 20:41:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.08 20:05:13 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.searchcanvas.com/?ot=6
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.searchcanvas.com/?ot=6
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\
CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
CHR - Extension: SiteAdvisor = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: Dolce&Gabbana = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\
CHR - Extension: YouTube to MP3 Converter = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\
CHR - Extension: Webcam Toy = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\
CHR - Extension: Qtube = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20120808134733.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120808134734.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BD1628F-DBBC-4511-9909-604C66370048}: DhcpNameServer = 192.54.112.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF2AEF0-23A1-4B0E-BA0E-D09424F4A880}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell - "" = AutoRun
O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 19:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.08.20 19:18:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.08.20 19:07:38 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.08.20 19:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.08.20 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Simply Super Software
[2012.08.20 18:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.08.20 18:54:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Simply Super Software
[2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.08.20 18:47:46 | 010,488,608 | ---- | C] (Simply Super Software                                       ) -- C:\Users\Saskia\Desktop\trjsetup682.exe
[2012.08.20 09:30:56 | 000,000,000 | RHSD | C] -- C:\Users\Saskia\M-10-6897-8685-3464
[2012.08.19 01:03:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.18 00:17:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\PhotoScape
[2012.08.18 00:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.08.18 00:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.08.17 23:49:09 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Programs
[2012.08.17 23:45:45 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\SoftGrid Client
[2012.08.17 23:45:41 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\SoftGrid Client
[2012.08.17 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.08.17 23:45:00 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\WebCam Media
[2012.08.17 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.08.17 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.08.17 23:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.08.17 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\TP
[2012.08.16 12:59:22 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\CrashDumps
[2012.08.15 23:50:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 23:50:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 23:50:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 23:50:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 23:50:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 23:50:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 23:50:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 23:50:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 23:50:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 23:50:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 23:50:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 23:50:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 23:50:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Windows Live
[2012.08.15 21:43:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\{F7FE94E3-298B-4C11-8E1C-E9F37E0AF4A1}
[2012.08.15 20:29:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Apple Computer
[2012.08.15 20:29:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apple Computer
[2012.08.15 20:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.15 20:28:50 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.08.15 20:28:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.08.15 20:28:50 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.08.15 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.08.15 20:24:51 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apple
[2012.08.15 20:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.08.15 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.08.15 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.08.15 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.08.15 20:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.08.15 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.08.15 16:13:09 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 16:12:17 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 16:12:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 16:12:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 16:06:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 16:06:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 16:06:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 16:06:37 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.13 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\ArcSoft
[2012.08.13 19:35:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\ArcSoft
[2012.08.12 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft Games
[2012.08.08 17:51:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.08.08 17:39:57 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.08.08 17:39:57 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.08.08 17:39:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.08.08 14:13:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.08.08 14:13:17 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.08.08 14:13:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.08.08 13:48:29 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.08.08 13:48:14 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012.08.08 13:48:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012.08.08 13:48:02 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.08.08 13:47:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.08.08 13:47:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.08.08 12:29:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.08.08 12:29:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.08.08 12:29:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.08.08 12:27:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.08.08 12:27:54 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.08.08 12:16:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.08.08 11:11:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.08.08 11:11:31 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.08.08 10:01:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.08.08 10:01:00 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.08.08 10:00:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.08.08 09:53:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.08.08 09:53:11 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.08.08 09:53:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.08.08 08:23:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.08.08 08:23:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.08.08 08:21:03 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment
[2012.08.08 08:17:12 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.08.08 08:17:12 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.08.08 08:17:12 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.08.08 08:16:52 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.08.08 08:16:52 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.08.08 08:16:52 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.08.08 08:16:38 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.08.08 08:16:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.08.08 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Skype
[2012.08.07 18:45:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.08.07 18:11:09 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Sony PMB
[2012.08.07 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Google
[2012.08.07 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apps
[2012.08.07 18:06:28 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Deployment
[2012.08.07 18:03:06 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Adobe
[2012.08.07 18:02:49 | 000,000,000 | ---D | C] -- C:\Update
[2012.08.07 18:01:22 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Sony Corporation
[2012.08.07 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Atheros
[2012.08.07 17:59:04 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Intel Corporation
[2012.08.07 17:59:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool
[2012.08.07 17:58:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.08.07 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\BMExplorer
[2012.08.07 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Bluetooth Folder
[2012.08.07 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Atheros
[2012.08.07 17:58:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Sony Corporation
[2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Searches
[2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.07 17:57:58 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Identities
[2012.08.07 17:57:56 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Contacts
[2012.08.07 17:57:54 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\VirtualStore
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Vorlagen
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Verlauf
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Temporary Internet Files
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Startmenü
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\SendTo
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Recent
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Netzwerkumgebung
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Lokale Einstellungen
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Videos
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Musik
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Eigene Dateien
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Bilder
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Druckumgebung
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Cookies
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Anwendungsdaten
[2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Anwendungsdaten
[2012.08.07 17:56:16 | 000,000,000 | --SD | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Videos
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Saved Games
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Pictures
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Music
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Links
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Favorites
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Downloads
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Documents
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Desktop
[2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.07 17:56:16 | 000,000,000 | -H-D | C] -- C:\Users\Saskia\AppData
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Temp
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Media Center Programs
[2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Macromedia
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.08.07 16:52:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.20 20:23:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job
[2012.08.20 20:13:59 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.08.20 20:02:41 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 20:02:41 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 19:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 19:54:41 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.20 18:54:13 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.08.20 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.20 18:53:47 | 010,488,608 | ---- | M] (Simply Super Software                                       ) -- C:\Users\Saskia\Desktop\trjsetup682.exe
[2012.08.19 01:03:34 | 001,642,498 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.19 01:03:34 | 000,697,532 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.19 01:03:34 | 000,652,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.19 01:03:34 | 000,148,538 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.19 01:03:34 | 000,121,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.18 00:22:51 | 000,005,120 | -H-- | M] () -- C:\Users\Saskia\Desktop\photothumb.db
[2012.08.18 00:14:15 | 000,001,035 | ---- | M] () -- C:\Users\Saskia\Desktop\PhotoScape.lnk
[2012.08.17 23:58:48 | 000,016,279 | ---- | M] () -- C:\Users\Saskia\AppData\Local\recently-used.xbel
[2012.08.16 12:58:10 | 000,300,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 20:28:57 | 000,001,801 | ---- | M] () -- C:\Users\Saskia\Desktop\iTunes.lnk
[2012.08.15 19:05:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 19:05:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 16:52:38 | 000,002,461 | ---- | M] () -- C:\Users\Saskia\Desktop\Google Chrome.lnk
[2012.08.14 15:55:18 | 000,000,393 | ---- | M] () -- C:\Users\Saskia\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.08.13 22:15:09 | 000,007,195 | ---- | M] () -- C:\Windows\SysWow64\SystemData.xml
[2012.08.10 18:26:41 | 001,613,328 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.08 08:23:08 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job
[2012.08.07 17:57:51 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 17:57:51 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 16:54:09 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.07 16:54:09 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.20 18:54:13 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.08.20 18:54:09 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.08.20 18:54:09 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.08.20 18:54:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.08.20 18:54:09 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.08.20 16:57:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\L\00000004.@
[2012.08.18 00:17:35 | 000,005,120 | -H-- | C] () -- C:\Users\Saskia\Desktop\photothumb.db
[2012.08.18 00:14:15 | 000,001,035 | ---- | C] () -- C:\Users\Saskia\Desktop\PhotoScape.lnk
[2012.08.17 23:58:48 | 000,016,279 | ---- | C] () -- C:\Users\Saskia\AppData\Local\recently-used.xbel
[2012.08.15 20:28:57 | 000,001,801 | ---- | C] () -- C:\Users\Saskia\Desktop\iTunes.lnk
[2012.08.15 20:24:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.08.14 15:55:17 | 000,000,393 | ---- | C] () -- C:\Users\Saskia\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.08.13 22:15:09 | 000,007,195 | ---- | C] () -- C:\Windows\SysWow64\SystemData.xml
[2012.08.07 19:10:40 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.08.07 18:45:58 | 000,002,461 | ---- | C] () -- C:\Users\Saskia\Desktop\Google Chrome.lnk
[2012.08.07 18:07:46 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job
[2012.08.07 18:07:46 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job
[2012.08.07 17:58:29 | 000,001,409 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.07 17:58:19 | 000,001,443 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.07 17:57:51 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 17:57:51 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1711F1EW.mrk
[2012.08.07 17:57:45 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk
[2012.08.07 16:52:07 | 3142,864,896 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.09 18:28:10 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.03.15 21:57:54 | 013,206,016 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.15 21:57:54 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.15 21:57:54 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.15 21:57:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.15 21:57:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@
[2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Users\Saskia\AppData\Local\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.02.11 01:03:27 | 001,642,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.08.18 00:20:45 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\PhotoScape
[2012.08.20 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\Simply Super Software
[2012.08.18 01:21:50 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\SoftGrid Client
[2012.08.17 23:46:02 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\TP
[2009.07.14 07:08:49 | 000,011,710 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
         


I hope you can help me, I don't know what else to do ^^
I can't reinstall it because I don't have the operating system on CD.
Sorry if there is already a similar thread, I couldn't find one.



Regards~
Sukai

Last edited by sukai (20.08.2012 at 20:52)

Alt 20.08.2012, 21:54   #2
t'john
/// Helper Team
 





The cleanup consists of several steps that have to be carried out.
Work through them one after another and please paste the 4 logs that are created in the process into your next reply.

Step 1

Fix with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox 
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{C5260BA0-983F-44BA-995E-0C3189EBBF55}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=http://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) 
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) 
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell - "" = AutoRun 
O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true 
[2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software 
[2012.08.20 18:47:46 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Users\Saskia\Desktop\trjsetup682.exe 

 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9 
[2012.08.20 20:23:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job 
[2012.08.19 01:03:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi 
[2012.08.08 08:23:08 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job 
[2012.08.20 16:57:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\L\00000004.@ 
[2012.08.07 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Google 
[2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ 
[2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Users\Saskia\AppData\Local\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have the findings deleted or quarantined.
- When the scan has finished, click "Show Results".
afterwards:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

21.08.2012, 00:35   #3
sukai
 



Thanks, I hope that was the right log file; it just opened by itself after the restart.

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File move failed. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll scheduled to be moved on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5260BA0-983F-44BA-995E-0C3189EBBF55}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5260BA0-983F-44BA-995E-0C3189EBBF55}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ not found.
File "D:\WD SmartWare.exe" autoplay=true not found.
C:\ProgramData\Simply Super Software\Trojan Remover\Data folder moved successfully.
C:\ProgramData\Simply Super Software\Trojan Remover folder moved successfully.
C:\ProgramData\Simply Super Software folder moved successfully.
C:\Users\Saskia\Desktop\trjsetup682.exe moved successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job moved successfully.
C:\Config.Msi folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job moved successfully.
C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\L\00000004.@ moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update\Install folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96} folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.79 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D} folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update\Download folder moved successfully.
Folder move failed. C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115 scheduled to be moved on reboot.
C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.111 folder moved successfully.
Folder move failed. C:\Users\Saskia\AppData\Local\Google\Update scheduled to be moved on reboot.
C:\Users\Saskia\AppData\Local\Google\CrashReports folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Temp folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\SwiftShader folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Sync Data folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.uploadc.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.supersonicads.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.samplicio.us folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.novamov.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.mcgame.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.filebox.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.disorlike.tv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.das-automagazin.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.dailymotion.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.bet365.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.baur.de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#videoplayer.ru folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#va1de.sftcdn.net folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#track.webgains.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#static.putlocker.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#ssl.hurra.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#rutube.ru folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#res.brandwire.tv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#relevantid.imperium.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#randomc.net folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#portal.myview.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#p.kiwi.kz folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#mr1mr.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#members.bet365.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#lads.myspace.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#images.mefeedia.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#iframe.sponsorpay.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#hwcdn.veevr.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#heias.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#embed.videoweed.es folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#embed.novamov.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#delivery.ibanner.de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#de-castaclip.cdn.videoplaza.tv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#chatango.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#ads.heias.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#aa.online-metrix.net folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\##\www.auxmoney-partnerprogramm.de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\##\images-na.ssl-images-amazon.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\## folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.videozer.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.uploadc.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com\delivery\flash\cookies.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com\delivery\flash folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com\delivery folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.samplicio.us folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.novamov.com\player\novaplayerv3.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.novamov.com\player folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.novamov.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com\assets\flowplayer\flowplayer.commercial-3.2.7.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com\assets\flowplayer folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com\assets folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.filebox.com\flowplayer.commercial-3.2.7.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.filebox.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.dailymotion.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.bet365.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.baur.de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.auxmoney-partnerprogramm.de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\vox-static.liverail.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\videoplayer.ru folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared\flash\rs\storage.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared\flash\rs folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared\flash folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\track.webgains.com\wg.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\track.webgains.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\static.putlocker.com\video_player.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\static.putlocker.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ssl.hurra.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\s.ytimg.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\rutube.ru\player.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\rutube.ru folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn\content\brandwire\PublishingContainer.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn\content\brandwire folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn\content folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\relevantid.imperium.com\dedupe.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\relevantid.imperium.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\randomc.net folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\portal.myview.com\MyView\flash folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\portal.myview.com\MyView folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\portal.myview.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\p.kiwi.kz folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\mr1mr.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\members.bet365.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\lads.myspace.com\videos\MSVideoPlayer.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\lads.myspace.com\videos folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\lads.myspace.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\images.mefeedia.com\flowplayer.commercial-3.2.7.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\images.mefeedia.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\images-na.ssl-images-amazon.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\iframe.sponsorpay.com\flash\flashcookie.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\iframe.sponsorpay.com\flash folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\iframe.sponsorpay.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds\swf\f#\lowplayer.commercial-3.2.12.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds\swf\f# folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds\swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\heias.com\x\heias_sc.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\heias.com\x folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\heias.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.videoweed.es\player\weedplayerv3.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.videoweed.es\player folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.videoweed.es folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.novamov.com\player\novaplayerv5.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.novamov.com\player folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.novamov.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de\ibanner\snacktv\STVPlayer_beta.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de\ibanner\snacktv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de\ibanner folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\de-castaclip.cdn.videoplaza.tv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\chatango.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com\swf\as3\AS3SOHandler.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com\swf\as3 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com\swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn-static.liverail.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com\images\tmp\7928 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com\images\tmp folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com\images folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\aa.online-metrix.net\fpc.swf folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\aa.online-metrix.net folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DXREGD63 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Media Cache folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\__MACOSX folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\zh_TW folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\zh_HK folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\zh_CN folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\vi folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\uk folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\tr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\th folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\te folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ta folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sl folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sk folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ru folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ro folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\pt_PT folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\pt_BR folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\pl folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\or folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\no folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\nl folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\mr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ml folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\lv folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\lt folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ko folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\kn folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ja folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\iw folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\it folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\id folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\hu folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\hr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\hi folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\gu folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\fr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\fil folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\fi folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\et folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\es_419 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\es folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\en_GB folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\en folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\el folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\da folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\cs folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ca folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\bn folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\bg folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ar folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\i folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\Resources folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\zh folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\ja folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\it folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\fr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\en_GB folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\en folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\zh folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\us folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\uk folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\jp folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\ja folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\it folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\fr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\en folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\cn folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\ca folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\images folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\contentScripts folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\backgroundScripts folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\zh folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\ja folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\it folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\fr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\es folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\en_GB folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\en folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\zh folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\us folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\uk folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\jp folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\ja folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\it folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\fr folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\es folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\en folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\de folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\cn folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\ca folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\images folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\contentScripts folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\backgroundScripts folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\_locales\en folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\_locales folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\w1 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\w0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\t1 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\t0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\i\f folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\i folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extension State folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.playworld.de_0 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\databases folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Application Cache folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\User Data folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\Dictionaries folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\VisualElements folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\Locales folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\Installer folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\Extensions folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\default_apps folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\VisualElements folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\PepperFlash folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\Locales folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\Installer folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\Extensions folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\default_apps folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome\Application folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Chrome folder moved successfully.
Folder move failed. C:\Users\Saskia\AppData\Local\Google scheduled to be moved on reboot.
C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ moved successfully.
C:\Users\Saskia\AppData\Local\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Saskia\Desktop\cmd.bat deleted successfully.
C:\Users\Saskia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Saskia
->Temp folder emptied: 47672215 bytes
->Temporary Internet Files folder emptied: 70691904 bytes
->Flash cache emptied: 57510 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 656752016 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68864 bytes
RecycleBin emptied: 15642408 bytes
 
Total Files Cleaned = 754,00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08212012_002706

Files\Folders moved on Reboot...
File move failed. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll scheduled to be moved on reboot.
C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115 folder moved successfully.
C:\Users\Saskia\AppData\Local\Google\Update folder moved successfully.
C:\Users\Saskia\AppData\Local\Google folder moved successfully.
C:\Users\Saskia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Saskia\AppData\Local\Temp\trayicon-2520-20120820-195521.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
# AdwCleaner v1.801 - Logfile created 08/21/2012 at 01:53:22
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Saskia - SASKIA-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Saskia\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :          "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ]
Found :       "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ]

*************************

AdwCleaner[R1].txt - [1045 octets] - [21/08/2012 01:53:22]

########## EOF - C:\AdwCleaner[R1].txt - [1173 octets] ##########
         
Code:
# AdwCleaner v1.801 - Logfile created 08/21/2012 at 01:55:06
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Saskia - SASKIA-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Saskia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :          "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ]
Deleted :       "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ]

*************************

AdwCleaner[R1].txt - [1172 octets] - [21/08/2012 01:53:22]
AdwCleaner[S1].txt - [1069 octets] - [21/08/2012 01:55:06]

########## EOF - C:\AdwCleaner[S1].txt - [1197 octets] ##########
         
So, I have now done everything as described in the steps. Am I free of the Trojan now?
__________________

21.08.2012, 04:23   #4
t'john
/// Helper Team
 



Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update Now.
Select Freeware mode.

Select Detail Scan and start the scan of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the log file to the desktop, then post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

21.08.2012, 10:25   #5
sukai
 



I just ran McAfee once more, and it says I still have two virus-infected files on the PC. Emsisoft Anti-Malware is downloading right now; will it delete the two files or something?


21.08.2012, 16:41   #6
t'john
/// Helper Team
 



We will see.

05.10.2012, 03:34   #7
t'john
/// Helper Team
 



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB
