Log analysis and evaluation: "Unusual traffic" (google) & websites need to be loaded repeatedly

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
"Unusual traffic" (google) & websites need to be loaded repeatedly

Hello,

when googling, I frequently got the well-known "Unusual traffic from your network" message, even though I use the computer alone and without Wi-Fi. In addition, many websites needed a second attempt to load. I then had Spybot and Malwarebytes each run a full scan - Spybot found and removed 191 level-5 threats, Malwarebytes found no infected files afterwards. Until now I have always let Windows 7 take care of updating automatically at shutdown; that was apparently not sufficient, because this morning I clicked on Update myself for once, which led to SP 1 being installed for the first time. My hard disk is fully encrypted with TrueCrypt. aswMBR.exe (following the instructions from this forum) just gave me the following result:

---
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-17 22:25:59
-----------------------------
22:25:59.529 OS Version: Windows x64 6.1.7601 Service Pack 1
22:25:59.529 Number of processors: 2 586 0x602
22:25:59.529 ComputerName: **** UserName: ****
22:26:04.771 Initialize success
22:27:58.806 AVAST engine defs: 12121702
22:38:10.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:38:10.608 Disk 0 Vendor: STM3500418AS CC38 Size: 476940MB BusType: 3
22:38:10.608 Disk 0 MBR read successfully
22:38:10.624 Disk 0 MBR scan
22:38:10.640 Disk 0 unknown MBR code
22:38:10.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 100 MB offset 2048
22:38:10.671 Disk 0 Partition 2 00 07 HPFS/NTFS 476838 MB offset 206848
22:38:10.686 Disk 0 scanning C:\Windows\system32\drivers
22:38:10.702 Service scanning
22:38:45.724 Modules scanning
22:38:45.740 Disk 0 trace - called modules:
22:38:45.755 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80043c92c0]<<spdt.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:38:45.755 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800465b060]
22:38:45.771 3 CLASSPNP.SYS[fffff88001bc643f] -> nt!IofCallDriver -> [0xfffffa800463d580]
22:38:45.786 5 ACPI.sys[fffff880010437a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004635060]
22:38:45.802 \Driver\atapi[0xfffffa800445be70] -> IRP_MJ_CREATE -> 0xfffffa80043c92c0
22:38:48.657 AVAST engine scan C:\Windows
22:38:48.672 AVAST engine scan C:\Windows\system32
22:38:48.688 AVAST engine scan C:\Windows\system32\drivers
22:38:48.704 AVAST engine scan C:\Users\****
22:38:48.735 AVAST engine scan C:\ProgramData
22:38:48.750 Scan finished successfully
22:39:13.960 Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
22:39:13.960 The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR2.txt"
---

Can anyone help me? Is a rootkit hiding on the computer?

edit: I have also run a current OTL quick scan. Here is the log:

Code:
ATTFilter OTL logfile created on: 17.12.2012 23:03:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 71,29% Memory free 7,50 Gb Paging File | 6,17 Gb Available in Paging File | 82,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 6,25 Gb Free Space | 1,34% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.16 21:58:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2012.12.11 17:43:56 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 17:43:39 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.11 17:43:38 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.03.16 19:14:47 | 001,415,632 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2009.06.24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ========== Modules (No Company Name) ========== MOD - [2009.06.24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll MOD - [2006.01.10 09:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.02.03 05:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.12 14:19:10 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.11 20:18:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.11 17:43:56 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 17:43:39 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.07 19:21:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.02.02 12:27:36 | 000,324,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 17:44:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 17:44:02 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.14 01:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2011.02.14 01:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2011.02.14 01:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.04 20:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.05.05 16:36:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.04.08 12:52:24 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.04.08 12:52:24 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.02.03 05:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.02.03 05:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.03 04:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.24 11:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.14 02:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.05.05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 41 77 20 DA DB CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=EAC&o=102388&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=QE&apn_dtid=&apn_uid=933E722D-05F3-45CE-8945-9F030576B5B7&apn_sauid=4707CA0A-B9FD-4DBF-BDDC-8C3780262386 IE 
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=de_DE&apn_uid=933E722D-05F3-45CE-8945-9F030576B5B7&apn_ptnrs=QE&apn_sauid=4707CA0A-B9FD-4DBF-BDDC-8C3780262386&apn_dtid=&q=" FF - prefs.js..network.proxy.http: "41.89.211.5" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.socks: "85.131.163.219" FF - prefs.js..network.proxy.socks_port: 3128 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\****\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.03 14:17:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M] [2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.16 13:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\06h5jpt2.default\extensions [2012.12.16 13:03:57 | 000,689,618 | ---- | M] () (No name found) -- 
C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2012.11.24 11:22:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.05.15 09:33:25 | 000,002,387 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\searchplugins\askcom.xml [2012.12.07 19:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.07 19:21:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.29 12:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll [2012.02.14 10:33:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 20:50:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.14 10:33:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 10:33:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 10:33:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 10:33:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: 
(Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3209BDA-3FD1-4A19-9A87-D77FDBC87E0B}: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6b57dd28-585c-11df-bdb7-90e6ba0759c7}\Shell - "" = AutoRun O33 - MountPoints2\{6b57dd28-585c-11df-bdb7-90e6ba0759c7}\Shell\AutoRun\command - "" = E:\autorun_setup.bat O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.17 22:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe [2012.12.17 11:38:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.12.17 11:29:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.12.16 21:58:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.12.16 21:54:23 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.16 20:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.12.16 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2012.12.16 20:42:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2012.12.16 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2012.12.16 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs [2012.12.16 20:39:50 | 055,454,464 | ---- | C] (Safer-Networking Ltd. 
) -- C:\Users\****\Desktop\SpybotSD2_2.0.12.exe [2012.12.16 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.16 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.16 20:28:30 | 004,077,368 | ---- | C] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe [2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.12.16 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Wireshark [2012.12.16 19:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2012.12.16 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2012.12.16 19:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark [2012.12.16 19:29:03 | 026,641,872 | ---- | C] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe [2012.12.14 12:47:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\musik [2012.12.07 19:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.04 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Apple Computer [2012.12.03 14:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.12.03 14:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.12.03 14:15:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple [2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.11.24 13:47:30 | 000,000,000 | ---D | C] -- 
C:\Users\****\AppData\Roaming\To the Moon - Freebird Games
[2012.11.18 11:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.11.07 11:22:48 | 005,082,084 | ---- | C] (The Public) -- C:\Users\****\AppData\Roaming\Avisynth.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.17 22:56:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.17 22:39:13 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat
[2012.12.17 22:37:30 | 000,013,767 | ---- | M] () -- C:\Users\****\Desktop\Unbenannt 1.odt
[2012.12.17 22:18:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2012.12.17 22:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.17 22:12:22 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\0srsw8jz.exe
[2012.12.17 21:16:19 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 21:16:19 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 21:15:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 21:15:34 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.17 21:15:34 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 21:15:34 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.17 21:15:34 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 21:09:14 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.17 21:08:44 | 000,303,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.17 21:08:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 21:08:18 | 3019,227,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.16 22:02:17 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2012.12.16 21:58:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.12.16 20:42:57 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.16 20:42:06 | 055,454,464 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\****\Desktop\SpybotSD2_2.0.12.exe
[2012.12.16 20:28:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 20:28:38 | 004,077,368 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe
[2012.12.16 19:51:16 | 000,002,971 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2012.12.16 19:50:20 | 001,402,880 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.msi
[2012.12.16 19:30:27 | 026,641,872 | ---- | M] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe
[2012.12.14 14:13:19 | 000,024,321 | ---- | M] () -- C:\Users\****\Desktop\top10_2011.odt
[2012.12.14 12:11:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 21:58:43 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 17:44:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.11 17:44:02 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.09 19:03:39 | 000,024,610 | ---- | M] () -- C:\Users\****\Desktop\OpenDocument Text (neu).odt
[2012.12.07 19:24:56 | 000,006,437 | ---- | M] () -- C:\Users\****\Desktop\parada.(4618777).nfo
[2012.11.30 11:03:25 | 057,611,821 | ---- | M] () -- C:\Users\****\Desktop\20121124-1700.mp3
[2012.11.18 11:48:40 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.17 22:37:27 | 000,013,767 | ---- | C] () -- C:\Users\****\Desktop\Unbenannt 1.odt
[2012.12.17 22:25:43 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat
[2012.12.17 22:12:18 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\0srsw8jz.exe
[2012.12.16 22:02:12 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2012.12.16 20:42:57 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.16 20:42:57 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.16 20:28:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 19:51:16 | 000,002,971 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2012.12.16 19:50:17 | 001,402,880 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.msi
[2012.12.16 19:32:03 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.12.14 12:11:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.07 19:25:16 | 000,006,437 | ---- | C] () -- C:\Users\****\Desktop\parada.(4618777).nfo
[2012.12.03 14:15:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.30 10:44:02 | 057,611,821 | ---- | C] () -- C:\Users\****\Desktop\20121124-1700.mp3
[2012.11.18 11:48:40 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.11.07 11:24:03 | 000,034,936 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2011.11.07 11:23:08 | 005,243,208 | ---- | C] ( ) -- C:\Users\****\AppData\Roaming\AvsP.exe
[2011.08.11 16:32:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.08.11 16:32:43 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.05.14 12:34:07 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.05.14 12:34:07 | 000,002,315 | ---- | C] () -- C:\Windows\unins000.dat
[2010.06.23 18:09:40 | 000,002,049 | ---- | C] () -- C:\Users\****\.recently-used.xbel

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.04.23 12:56:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCOMP Software
[2010.05.05 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Big Fish Games
[2011.07.31 21:39:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\calibre
[2010.04.19 06:58:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2010.05.05 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.06.08 14:13:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations
[2011.11.05 16:47:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EAC
[2012.03.08 13:29:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2010.03.16 19:04:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Exodus
[2012.12.17 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\foobar2000
[2010.06.23 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2010.05.26 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Jubler
[2012.02.01 13:50:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice
[2011.01.25 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LucasArts
[2010.06.08 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF
[2010.03.16 20:11:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2010.11.11 13:43:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PixelPlanet
[2010.12.01 18:10:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDISC
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2012.11.24 14:38:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\To the Moon - Freebird Games
[2010.03.20 17:56:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrueCrypt
[2012.03.24 22:26:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2012.12.16 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wireshark
[2012.12.17 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\X-Chat 2

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48C30809

< End of report >

Edited by s_V (17.12.2012 at 23:22)
| | #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ |
Hello and
Quote:
Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
ATTFilter the log goes here
__________________ |
| | #3 |
Hello cosinus,
thanks for the reply.
Code:
ATTFilter Search results from Spybot - Search & Destroy
16.12.2012 21:13:02
Scan took 00:28:56.
250 items found.
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\31.7.62.214\com.jeroenwijering.sol
Properties.size=71
Properties.md5=6258C02849F8169B7C5EC203419BCB8B
Properties.filedate=1336225867
Properties.filedatetext=2012-05-05 14:51:06
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\46.19.143.122\com.jeroenwijering.sol
Properties.size=71
Properties.md5=D4479DE6DC868A49A812BE8AF0ED4715
Properties.filedate=1351020617
Properties.filedatetext=2012-10-23 20:30:17
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\com.conviva.livePass.sol
Properties.size=123
Properties.md5=25F1D586DA5E3F0FF914C40D863EF331
Properties.filedate=1348059839
Properties.filedatetext=2012-09-19 14:03:59
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\neighborLoadingStart.sol
Properties.size=54
Properties.md5=93ACA674E318D469B4569E6AAC823EC3
Properties.filedate=1348059838
Properties.filedatetext=2012-09-19 14:03:58
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.vimeocdn.com\com.conviva.livePass.sol
Properties.size=220
Properties.md5=603BAAF76F3F3BF98880BB79C7D6B840
Properties.filedate=1353686615
Properties.filedatetext=2012-11-23 17:03:35
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\analytics.sol
Properties.size=511
Properties.md5=93391EF66F08C68A4F7279143ED8E50A
Properties.filedate=1355330843
Properties.filedatetext=2012-12-12 17:47:23
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\admin.brightcove.com\analytics.sol
Properties.size=442
Properties.md5=E9563B8FFCBE0163F1A5446038426A86
Properties.filedate=1353164027
Properties.filedatetext=2012-11-17 15:53:46
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\api.zippyshare.com\zippyShare.sol
Properties.size=55
Properties.md5=8193498F9F019CE2E1BE98771F97B4AE
Properties.filedate=1351343758
Properties.filedatetext=2012-10-27 14:15:58
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\assets.mixpod.com\com.quantserve.sol
Properties.size=72
Properties.md5=1588690F02E743BB5FABEF1493DB76CB
Properties.filedate=1331070008
Properties.filedatetext=2012-03-06 22:40:07
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.reverbnation.com\com.reverbnation.prowidgets.player.sol
Properties.size=266
Properties.md5=F3EC2E6D01E36C6518B5C17E1CAFD6C6
Properties.filedate=1317400337
Properties.filedatetext=2011-09-30 17:32:17
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.spreadshirt.net\sprd_c7_264433.sol
Properties.size=583
Properties.md5=8CE1B256BA5E9C1B37C54CCDE7C4606B
Properties.filedate=1352926803
Properties.filedatetext=2012-11-14 22:00:02
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\analytics.sol
Properties.size=445
Properties.md5=83817D99BE3E5AF93F61CF943DA1167E
Properties.filedate=1355682126
Properties.filedatetext=2012-12-16 19:22:06
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.complexmedianetwork.com\analytics.sol
Properties.size=419
Properties.md5=00CCED78B490B4CC0F74889FFBF567EE
Properties.filedate=1351532241
Properties.filedatetext=2012-10-29 18:37:21
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.pitchfork.com\com.jeroenwijering.sol
Properties.size=54
Properties.md5=1DEBD11D564E9E85DAA76EB2061B9653
Properties.filedate=1324224965
Properties.filedatetext=2011-12-18 17:16:05
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\com.quantserve.sol
Properties.size=72
Properties.md5=9CBE44BF89F82BD4F0FD38560B33BF59
Properties.filedate=1327952873
Properties.filedatetext=2012-01-30 20:47:52
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\configData.sol
Properties.size=313
Properties.md5=5AB617056C97420BFAA7723DABAA3775
Properties.filedate=1318199798
Properties.filedatetext=2011-10-09 23:36:37
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\sessionData.sol
Properties.size=137
Properties.md5=2CE7914FE3283F6EAEA427779E9F0BB8
Properties.filedate=1343587292
Properties.filedatetext=2012-07-29 19:41:31
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\userData.sol
Properties.size=97
Properties.md5=1B21E89E47E7EA5BE4A485493BB35EC3
Properties.filedate=1343589222
Properties.filedatetext=2012-07-29 20:13:41
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.widgetserver.com\wbx_cookie.sol
Properties.size=42
Properties.md5=FA4F785C85DE06B7A58A9DAFE4FBC134
Properties.filedate=1326401886
Properties.filedatetext=2012-01-12 21:58:06
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ch.mediaplanet.streamingbolaget.se\analytics.sol
Properties.size=450
Properties.md5=3CEFA015A07DB93ABA0512663ACC4511
Properties.filedate=1316797531
Properties.filedatetext=2011-09-23 18:05:31
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\fixed_id.sol
Properties.size=54
Properties.md5=53471B287DEA80178697F0518026FB87
Properties.filedate=1323617971
Properties.filedatetext=2011-12-11 16:39:30
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\mini_login.sol
Properties.size=48
Properties.md5=24D469038E947632F5BA50468F0384C0
Properties.filedate=1332010829
Properties.filedatetext=2012-03-17 20:00:28
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\core.mochibot.com\com.mochibot.sol
Properties.size=105
Properties.md5=9E6FFE8897AC244F9FE650746BCC2876
Properties.filedate=1325154662
Properties.filedatetext=2011-12-29 11:31:01
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\analytics.sol
Properties.size=442
Properties.md5=70885F797C6AF34F57610528455B7828
Properties.filedate=1334401844
Properties.filedatetext=2012-04-14 12:10:43
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\com.jeroenwijering.sol
Properties.size=54
Properties.md5=C2E7D33B00591C23E877776C9FE882F2
Properties.filedate=1334401087
Properties.filedatetext=2012-04-14 11:58:07
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\download.liveweb.arte.tv\arteLiveWebVolume.sol
Properties.size=56
Properties.md5=D50306567A6B9A9A4586E8BD94ADF5F4
Properties.filedate=1336168268
Properties.filedatetext=2012-05-04 22:51:08
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\edge.liveleak.com\com.jeroenwijering.sol
Properties.size=61
Properties.md5=0092E422110FC214D072D65DCED601A7
Properties.filedate=1334084808
Properties.filedatetext=2012-04-10 20:06:48
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\effectivemeasure.net\EM_APP.sol
Properties.size=100
Properties.md5=893122AD53BD1E5666B79B5A40808E5C
Properties.filedate=1349426439
Properties.filedatetext=2012-10-05 09:40:39
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\einestages.spiegel.de\BandwidthCache.sol
Properties.size=70
Properties.md5=7D858C59030AD0EF1DD9DE82EBDC5F7A
Properties.filedate=1340630976
Properties.filedatetext=2012-06-25 14:29:35
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\com.jeroenwijerin.players.sol
Properties.size=65
Properties.md5=CBB704DB2110BD6069FDEC5D5EEC853D
Properties.filedate=1318502991
Properties.filedatetext=2011-10-13 11:49:51
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\files.leton.tv\com.jeroenwijering.sol
Properties.size=61
Properties.md5=CE8D542110281FF64046460C0D099227
Properties.filedate=1332001191
Properties.filedatetext=2012-03-17 17:19:51
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\franznicolay.com\sound.sol
Properties.size=167
Properties.md5=E348A76FF987CCD2B16EFAEBE1D29A44
Properties.filedate=1346605830
Properties.filedatetext=2012-09-02 18:10:30
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\freebirdgames.com\com.jeroenwijering.sol
Properties.size=57
Properties.md5=1366968615D695A3BF4DE88D6D613497
Properties.filedate=1348507321
Properties.filedatetext=2012-09-24 18:22:01
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\g-ecx.images-amazon.com\AlbumSampler.sol
Properties.size=52
Properties.md5=2BDD87C44F54C3BB84B60B16E0903D32
Properties.filedate=1320258962
Properties.filedatetext=2011-11-02 19:36:02
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\gp1.wac.edgecastcdn.net\com.reverbnation.prowidgets.player.sol
Properties.size=265
Properties.md5=8A853703643FE0F81F23FEB976C18E58
Properties.filedate=1341516011
Properties.filedatetext=2012-07-05 20:20:10
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ia.media-imdb.com\IMDBTEST.sol
Properties.size=63
Properties.md5=6E61C04D24E93354486B4943E2F22261
Properties.filedate=1355506544
Properties.filedatetext=2012-12-14 18:35:44
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images-na.ssl-images-amazon.com\mercury.sol
Properties.size=69
Properties.md5=182E729E43AB00E4E416214CC328EAC9
Properties.filedate=1320260482
Properties.filedatetext=2011-11-02 20:01:21
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images.allocine.fr\AcV_Config.sol
Properties.size=64
Properties.md5=AFD7FF1D5676FF4F952C92C4CA2CF9D9
Properties.filedate=1342108277
Properties.filedatetext=2012-07-12 16:51:17
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\img.ofdb.de\analytics.sol
Properties.size=419
Properties.md5=619FB94A89ABE79B13D721D319D6F47A
Properties.filedate=1354561551
Properties.filedatetext=2012-12-03 20:05:51
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\inwmedia.net\com.jeroenwijering.sol
Properties.size=54
Properties.md5=CA07D7C3078773C3D5671BFDA2EE8BCF
Properties.filedate=1346671987
Properties.filedatetext=2012-09-03 12:33:06
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is3.myvideo.de\com.conviva.livePass.sol
Properties.size=224
Properties.md5=AF26F9F1BF5062C43FF8AC8CA6288504
Properties.filedate=1352911680
Properties.filedatetext=2012-11-14 17:47:59
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is5.myvideo.de\com.conviva.livePass.sol
Properties.size=211
Properties.md5=8D3BB96998EE42142224686296367221
Properties.filedate=1351547349
Properties.filedatetext=2012-10-29 22:49:08
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\kiks.yandex.ru\fuid01.sol
Properties.size=188
Properties.md5=81B788EE6EAA69BE2D67EE1E449EC695
Properties.filedate=1341486895
Properties.filedatetext=2012-07-05 12:14:55
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lds.megom.tv\com.jeroenwijering.sol
Properties.size=61
Properties.md5=DC24290810DAB55758C7217C535E9DD2
Properties.filedate=1322924047
Properties.filedatetext=2011-12-03 15:54:06
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\live.castamp.com\com.jeroenwijering.sol
Properties.size=64
Properties.md5=93F0004B2FFB6D3C609E2612B228E72B
Properties.filedate=1322923728
Properties.filedatetext=2011-12-03 15:48:47
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\localhost\FLVPlayerdata.Settings.sol
Properties.size=315
Properties.md5=BE7694098101C55D2967BFC734AD4F12
Properties.filedate=1341395830
Properties.filedatetext=2012-07-04 10:57:10
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\com.conviva.livePass.sol
Properties.size=119
Properties.md5=E3228D899E005FCBBE4C1EEC6210268C
Properties.filedate=1323556647
Properties.filedatetext=2011-12-10 23:37:27
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\com.mtvnservices.media.as3player.model.user.SavedPreferencesVO.sol
Properties.size=184
Properties.md5=3D0BDE718F64E12E8E006306C340C1BC
Properties.filedate=1317331347
Properties.filedatetext=2011-09-29 22:22:26
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\com.quantserve.sol
Properties.size=72
Properties.md5=B160130CAF70278D49264412BC219E65
Properties.filedate=1323556647
Properties.filedatetext=2011-12-10 23:37:27
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\MetadataHistory.sol
Properties.size=3484
Properties.md5=5870943D4CA193A8A30A3E13401161C7
Properties.filedate=1347908042
Properties.filedatetext=2012-09-17 19:54:02
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\OVPMetricsProvider.sol
Properties.size=64
Properties.md5=721858CC1ED3204FDD71832E41A5C1D3
Properties.filedate=1347908042
Properties.filedatetext=2012-09-17 19:54:02
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\playerCounter.sol
Properties.size=294
Properties.md5=874B0029932710FA6CB2CF5EA6D6680F
Properties.filedate=1347908033
Properties.filedatetext=2012-09-17 19:53:53
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\userPrefs4.sol
Properties.size=327
Properties.md5=9928E60891B4EBBD3BC05ACBA2910CEA
Properties.filedate=1347908042
Properties.filedatetext=2012-09-17 19:54:02
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media1.break.com\break.com.sol
Properties.size=60
Properties.md5=A95011595DA284346E6F9CBA4ABD25C5
Properties.filedate=1322136143
Properties.filedatetext=2011-11-24 13:02:22
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\com.mochiads.sol
Properties.size=88
Properties.md5=34FD2743BD723E6A0DAFF75073CE08E8
Properties.filedate=1327511137
Properties.filedatetext=2012-01-25 18:05:37
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\services.mochiads.com.sol
Properties.size=313
Properties.md5=09EC360AAC6EBCE5D32CF7DBE680B5A4
Properties.filedate=1327511138
Properties.filedatetext=2012-01-25 18:05:38
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\omnitureSampleId.sol
Properties.size=55
Properties.md5=E4D5A6AC6C61D567DA27128897CB74C7
Properties.filedate=1330291236
Properties.filedatetext=2012-02-26 22:20:35
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\playerV2.sol
Properties.size=47
Properties.md5=F866CD0B1EF3FD3DF1141E1F9DB1B571
Properties.filedate=1330291246
Properties.filedatetext=2012-02-26 22:20:46
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\s_br.sol
Properties.size=35
Properties.md5=760FCA2DC2B18E30543493B04290322A
Properties.filedate=1330291237
Properties.filedatetext=2012-02-26 22:20:37
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\varo_varoDefault.sol
Properties.size=71
Properties.md5=87EF178F39EDB80D57FA418D57CE93DF
Properties.filedate=1330291237
Properties.filedatetext=2012-02-26 22:20:37
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\nimg.joyclub.de\fupvid.sol
Properties.size=67
Properties.md5=60E0E61EE4218E29AF6B4D106CFBF26C
Properties.filedate=1331333236
Properties.filedatetext=2012-03-09 23:47:15
Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\p1.soundcloud.com\analytics.sol
Properties.size=490
Properties.md5=D2161BD96A0D4E1E8796329BD91B57A1
Properties.filedate=1355433129
Properties.filedatetext=2012-12-13 22:12:09
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\swf.soundcloud.com\player.swf\SCPlayer.sol
Properties.size=72
Properties.md5=6C5BF01FB3DEBF9B1ADA2B4A6EAD7ED0
Properties.filedate=1349973591
Properties.filedatetext=2012-10-11 17:39:51
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\babystrology.com\tickers\baby-ticker-glass.swf\babyCounterState.sol
Properties.size=62
Properties.md5=7F144997F841EE5FE2CB70BD5BAD7416
Properties.filedate=1321272292
Properties.filedatetext=2011-11-14 13:04:51
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\rtl.sol
Properties.size=35
Properties.md5=F240BC8ED3BD00819E900DB730F278F4
Properties.filedate=1319489595
Properties.filedatetext=2011-10-24 21:53:15
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\userinfo6.sol
Properties.size=51
Properties.md5=F866E0C8D6F02E1676850739D8C36DE0
Properties.filedate=1327389165
Properties.filedatetext=2012-01-24 08:12:45
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\embedV2-13392.swf\tapeTvStats.sol
Properties.size=94
Properties.md5=6B44D1F3FE34DF5BE019F0798C16AE2C
Properties.filedate=1352317199
Properties.filedatetext=2012-11-07 20:39:59
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\tapeAdblockerCheckC.sol
Properties.size=68
Properties.md5=F8A714DF40786CF5CE7BDEF79D0BF845
Properties.filedate=1351343651
Properties.filedatetext=2012-10-27 14:14:11
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\tapeTvStats.sol
Properties.size=94
Properties.md5=6B44D1F3FE34DF5BE019F0798C16AE2C
Properties.filedate=1351343655
Properties.filedatetext=2012-10-27 14:14:14
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\tapeAdblockerCheckC.sol
Properties.size=68
Properties.md5=EA89A75B93DC3C4278E523D5F13354EE
Properties.filedate=1355666604
Properties.filedatetext=2012-12-16 15:03:24
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\tapeTvStats.sol
Properties.size=94
Properties.md5=55F4034E615132D62D0A1E3C5716D2C9
Properties.filedate=1355666634
Properties.filedatetext=2012-12-16 15:03:54
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.livestream.com\grid\LSPlayer.swf\PlayerCookie.sol
Properties.size=44
Properties.md5=B6F9A54DA5326B4E5C6F86EBF2E2DA74
Properties.filedate=1325536862
Properties.filedatetext=2012-01-02 21:41:02
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\embed.wistia.com\flash\embed_player_v2.0.swf\settings.sol
Properties.size=141
Properties.md5=EFC98BCC47FA941D1E46B371219D5946
Properties.filedate=1339447779
Properties.filedatetext=2012-06-11 21:49:38
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\MSVideoPlayer.swf\preferences.sol
Properties.size=160
Properties.md5=74E3FD2180741DDB07B3C54F09EC79BB
Properties.filedate=1333654774
Properties.filedatetext=2012-04-05 20:39:33
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\vplayer.swf\preferences.sol
Properties.size=153
Properties.md5=FBAE814E469BB2B155236A0125759F2E
Properties.filedate=1343587162
Properties.filedatetext=2012-07-29 19:39:22
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mojnet.com\player\player_v4.swf\mojvideoPlayer.sol
Properties.size=70
Properties.md5=ABD8D7C0EF69E1C7EC05907530AD921A
Properties.filedate=1325092264
Properties.filedatetext=2011-12-28 18:11:03
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\standard.webfreetv.com\videos\derstandard.swf\webfreetv.sol
Properties.size=45
Properties.md5=3E789EF84ABA619335225F6DE731DFE5
Properties.filedate=1348930180
Properties.filedatetext=2012-09-29 15:49:39
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\streami.tv\fp\flowplayer.commercial-3.2.15.swf\org.flowplayer.sol
Properties.size=60
Properties.md5=9153E20A5722A50577265DCD47CA5C43
Properties.filedate=1351019828
Properties.filedatetext=2012-10-23 20:17:07
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\tv.sport1.de\player\sport1player10228.swf\akamaiflashplayer.sol
Properties.size=49
Properties.md5=B58EEB979917ADB702A5977D35861453
Properties.filedate=1326030459
Properties.filedatetext=2012-01-08 14:47:38
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\twitter.com\flash\twitter_badge.swf\OdeoPodcastPlayerColors.sol
Properties.size=64
Properties.md5=65627E809506705BDA290746E3B89EFC
Properties.filedate=1351531442
Properties.filedatetext=2012-10-29 18:24:02
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.divshare.com\flash\audio_embed\divShareAudioPlayer_v3.sol
Properties.size=61
Properties.md5=CBA7357087B27AD0B45BADB6BE95DED6
Properties.filedate=1331410687
Properties.filedatetext=2012-03-10 21:18:06
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.ersties.com\flowplayer\flowplayer.commercial-3.2.5.swf\org.flowplayer.sol
Properties.size=60
Properties.md5=180B425B659ECE264684E4F035E572BF
Properties.filedate=1337029522
Properties.filedatetext=2012-05-14 22:05:21
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.musicline.de\player_flash_banner\player.swf\userPrefs.sol
Properties.size=54
Properties.md5=0A09874BC558DC13F12F90FB3DFE49FC
Properties.filedate=1349974087
Properties.filedatetext=2012-10-11 17:48:06
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.trinkgut.de\handzettel\geniesser.swf\megazine3.sol
Properties.size=76
Properties.md5=738F8794A836559017AB904832F5063F
Properties.filedate=1348504419
Properties.filedatetext=2012-09-24 17:33:38
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.unsigned.com\swf\base_player_new_mp_narrow.swf\TestMovie_Config_Info.sol
Properties.size=341
Properties.md5=BF789E25C85AA3A0621A8C653BC448E5
Properties.filedate=1317836690
Properties.filedatetext=2011-10-05 18:44:49
Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.youtubeunblocker.org\plugins\flowplayer-3.2.0.swf\org.flowplayer.sol
Properties.size=60
Properties.md5=180B425B659ECE264684E4F035E572BF
Properties.filedate=1335133519
Properties.filedatetext=2012-04-22 23:25:18
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
Zedo: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
Right Media: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
WebTrends live: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
Log: [SBI $8E73A7FB] Install: comsetup.log (File, nothing done)
C:\Windows\comsetup.log
Properties.size=6167
Properties.md5=C93454C2F19E7A4271AC99F7025F2E4A
Properties.filedate=1268754465
Properties.filedatetext=2010-03-16 16:47:44
Log: [SBI $8E73A7FB] Install: Directx.log (File, nothing done)
C:\Windows\Directx.log
Properties.size=82751
Properties.md5=988315F17EC67A995A397239551AEF96
Properties.filedate=1289229850
Properties.filedatetext=2010-11-08 16:24:10
Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=91640129
Properties.md5=DFB4828A15E50FDAF65536C3C3E5E3EB
Properties.filedate=1355686433
Properties.filedatetext=2012-12-16 20:33:52
Log: [SBI $8E73A7FB] Install: DtcInstall.log (File, nothing done)
C:\Windows\DtcInstall.log
Properties.size=4141
Properties.md5=0224BE350CEA6CA4734B2278A293CE63
Properties.filedate=1268754332
Properties.filedatetext=2010-03-16 16:45:32
Gabest Media Player Classic: [SBI $E81D76E1] Last captured file (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Capture\FileName
Gabest Media Player Classic: [SBI $A8B11633] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent File List
Gabest Media Player Classic: [SBI $82DC324C] Recent dub list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent Dub List
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Internet Explorer\TypedURLs
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Microsoft Management Console\Recent File List
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList
Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList
Windows.OpenWith: [SBI $26F7D72D] Open with list - .003 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList
Windows.OpenWith: [SBI $EA2CE7FF] Open with list - .004 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList
Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList
Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $9130BCC8] Open with list - .AVS extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVS\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Windows.OpenWith: [SBI $F34FE1D0] Open with list - .CUE extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\ArcHistory
WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\General\LastFolder
WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\DialogEditHistory\ExtrPath
Cookie: [SBI $49804B54] Browser: Cookie (130) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (1693) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (544) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (3273) (Browser: Cookie, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---
2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2012-12-16 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
#4

"Unusual traffic" (Google) & websites need repeated loading

And one more, "SDCleaner.txt". The other one was the one from the check.

Code:
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Processing: 121216-204405.xml
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: Macromedia.FlashPlayer.Cookies
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\31.7.62.214\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\46.19.143.122\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\ com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\ neighborLoadingStart.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.vimeocdn.com\ com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\admin.brightcove.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\api.zippyshare.com\ zippyShare.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\assets.mixpod.com\ com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.reverbnation.com\ com.reverbnation.prowidgets.player.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.spreadshirt.net\ sprd_c7_264433.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.complexmedianetwork.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.pitchfork.com\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\ com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\ configData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\ sessionData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\ userData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.widgetserver.com\ wbx_cookie.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ch.mediaplanet.streamingbolaget.se\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\ fixed_id.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\ mini_login.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\core.mochibot.com\ com.mochibot.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\download.liveweb.arte.tv\ arteLiveWebVolume.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\edge.liveleak.com\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\effectivemeasure.net\ EM_APP.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\einestages.spiegel.de\ BandwidthCache.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\ com.jeroenwijerin.players.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\files.leton.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\franznicolay.com\ sound.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\freebirdgames.com\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\g-ecx.images-amazon.com\ AlbumSampler.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\gp1.wac.edgecastcdn.net\ com.reverbnation.prowidgets.player.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ia.media-imdb.com\ IMDBTEST.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images-na.ssl-images-amazon.com\ mercury.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images.allocine.fr\ AcV_Config.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\img.ofdb.de\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\inwmedia.net\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is3.myvideo.de\ com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is5.myvideo.de\ com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\kiks.yandex.ru\ fuid01.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lds.megom.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\live.castamp.com\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\localhost\ FLVPlayerdata.Settings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\ com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\ com.mtvnservices.media.as3player.model.user.SavedPreferencesVO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\ com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\ MetadataHistory.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\ OVPMetricsProvider.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\ playerCounter.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\ userPrefs4.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media1.break.com\ break.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\ com.mochiads.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\ services.mochiads.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\ omnitureSampleId.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\ playerV2.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\ s_br.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\ varo_varoDefault.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\nimg.joyclub.de\ fupvid.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\p1.soundcloud.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\play.sawlive.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\ auth.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\ auth2.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\ perf.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\pub.widgetbox.com\ wbx_cookie.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\reverbnation.com\ com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\reverbnation.com\ ReverbNationAllowSpace.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s-static.ak.fbcdn.net\ www.myspace.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.mcstatic.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.mcstatic.com\ vpPrefs.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\ restore.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\ soundData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\ subtitlesModuleData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\ videostats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\ _ggCvar.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\ _ggCvar_temp.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\ _ggMCvar_1.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\ _ggCvar.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\ _ggCvar_temp.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\ _ggMCvar_1.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secureinclude.ebaystatic.com\ ebayLSO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secureinclude.ebaystatic.com\ ebayT.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ssl.hurra.com\ restore.hurra.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static-cdn1.ustream.tv\ com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static-cdn1.ustream.tv\ flash.viewer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.castalba.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.issuu.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.issuu.com\ com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.vipi.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.wix.com\ WixComputerID.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.youku.com\ YOUKU_FSO_PROXY.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static1.4players.de\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static1.dmcdn.net\ com.dm.player.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static2.4players.de\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static2.4players.de\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\streami.tv\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video.google.com\ videostats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video3.hidemyass.com\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\village-plingaplay.s3.amazonaws.com\ de-DE_netlog_psgn16191599_zoomlevel_key.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\village-plingaplay.s3.amazonaws.com\ TestFile.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\web.de\ PF_LSOConnector.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.007stream.com\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.arte.tv\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.bangbus.com\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.channel4.com\ channel4.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.chilloutzone.net\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.chilloutzone.net\ chill.videoplayer.models.UserSettingsModel.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.do1.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.hardwareclips.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.hofer.at\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.launchlive.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.mixcloud.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.ofdb.de\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\ IxoSO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\ paypalLSO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\ ppLsoTest.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.playlist.com\ ppl6.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.plimus.com\ plimus_user_data.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\ acudeoSession.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\ com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\ SS_ARE_Override.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.sadistic.pl\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.spiegel.de\ BandwidthCache.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.spiegel.de\ spon_fussball.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.streamiton.tv\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.streamiton.tv\ com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.super8-movie.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\ OVPMetricsProvider.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.vuvox.com\ analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.zdf.de\ com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\ megaservicesuser.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\ megavideoads.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\ megavideouser.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\ usersettings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\x.myspacecdn.com\ SpaceMusic.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\aa.online-metrix.net\fpc.swf\ session.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cheshire.cat.xmlrequest.info\homepage.swf\ 1166483_0_en.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\dl.edge-cdn.net\#sParkFolder\ ID.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\videoplayer.swf\ dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\videoplayer3.swf\ dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xembed5.swf\ dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer.swf\ dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer2.swf\ dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer3.swf\ dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ftp.banners-service.info\scroller.swf\ 1162251_0_en.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\grooveshark.com\facebookWidget.swf\ gsGlobal.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\grooveshark.com\widget.swf\ gsGlobal.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\p1.soundcloud.com\player.swf\ SCPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-126-homad.swf\ sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-165-homad.swf\ sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-191-homad.swf\ sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-198-homad.swf\ sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-218-homad.swf\ sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-96.swf\ sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\rapidgator.net\storage.swf\ dp.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\track.webgains.com\wg.swf\ 1425.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video.google.com\googleplayer.swf\ mediaPlayerUserSettings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.clipfish.de\videoplayer.swf\ ClipfishVideoPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\embed-20120228.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\embed-20120803.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20111219.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120118.swf\ tapeTvSound.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120118.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120228.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.wolfgangthust.net\website.swf\ volumeStatus.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\swf.soundcloud.com\player.swf\ SCPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\babystrology.com\tickers\baby-ticker-glass.swf\ babyCounterState.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\ rtl.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\ userinfo6.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\embedV2-13392.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\ tapeAdblockerCheckC.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\ tapeAdblockerCheckC.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\ tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.livestream.com\grid\LSPlayer.swf\ PlayerCookie.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\embed.wistia.com\flash\embed_player_v2.0.swf\ settings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\MSVideoPlayer.swf\ preferences.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\vplayer.swf\ preferences.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mojnet.com\player\player_v4.swf\ mojvideoPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\standard.webfreetv.com\videos\derstandard.swf\ webfreetv.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\streami.tv\fp\flowplayer.commercial-3.2.15.swf\ org.flowplayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\tv.sport1.de\player\sport1player10228.swf\ akamaiflashplayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\twitter.com\flash\twitter_badge.swf\ OdeoPodcastPlayerColors.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.divshare.com\flash\audio_embed\ divShareAudioPlayer_v3.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.ersties.com\flowplayer\flowplayer.commercial-3.2.5.swf\ org.flowplayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.musicline.de\player_flash_banner\player.swf\ userPrefs.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.trinkgut.de\handzettel\geniesser.swf\ megazine3.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.unsigned.com\swf\base_player_new_mp_narrow.swf\ TestMovie_Config_Info.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.youtubeunblocker.org\plugins\flowplayer-3.2.0.swf\ org.flowplayer.sol
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: MediaPlex
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****) Cookie:****@apmebf.com/ ()
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****) Cookie:****@mediaplex.com/ ()
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: DoubleClick
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****) Cookie:****@doubleclick.net/ ()
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default)) .doubleclick.net/ (id)
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: FastClick
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****) Cookie:****@fastclick.net/ ()
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: Zedo
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****) Cookie:****@zedo.com/ ()
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: Right Media
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****) Cookie:****@ad.yieldmanager.com/ ()
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: Statcounter
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default)) .statcounter.com/ (is_unique_2)
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default)) .statcounter.com/ (is_unique_1)
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default)) .statcounter.com/ (is_unique)
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: WebTrends live
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default)) statse.webtrendslive.com/ (ACOOKIE)
[i] 2012-12-16 21:15:54 :
[i] 2012-12-16 21:15:54 Product: Log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\ comsetup.log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\ Directx.log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\ setupact.log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\ DtcInstall.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\ comsetup.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\ Directx.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\ setupact.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\ DtcInstall.log
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Gabest Media Player Classic
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Capture\ FileName
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent File List
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent Dub List
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Internet Explorer
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Internet Explorer\TypedURLs
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: MS Management Console
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Microsoft Management Console\Recent File List
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: MS Media Player
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\MediaPlayer\Player\Settings\ Client ID
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: MS Direct3D
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: MS DirectDraw
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ Name
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: MS DirectInput
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\ Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\ Id
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: MS Paint
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: MS Wordpad
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Windows
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ Installation Sources
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ Installation Sources
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Windows.OpenWith
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVS\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Windows Explorer
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Windows Media SDK
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\ ComputerName
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\ UniqueID
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\ VolumeSerialNumber
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: WinRAR
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\ArcHistory
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\General\ LastFolder
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\DialogEditHistory\ExtrPath
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Cookie
[i] 2012-12-16 21:15:56 Already cleaned: Internet Explorer (Benutzer) (****) Cookies
[i] 2012-12-16 21:15:56 Already cleaned: Firefox (**** (default)) Cookies
[i] 2012-12-16 21:15:56 Already cleaned: Thunderbird (**** (default)) Cookies
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Cache
[i] 2012-12-16 21:15:56 Already cleaned: Internet Explorer (Benutzer) (****) Cache
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Product: Verlauf
[i] 2012-12-16 21:15:56 Already cleaned: Internet Explorer (Benutzer) (****) History
[i] 2012-12-16 21:15:56 :
[i] 2012-12-16 21:15:56 Summary:
[i] 2012-12-16 21:15:56 Errors while cleaning: 0
[i] 2012-12-16 21:15:56 Files moved into quarantine: 4
[i] 2012-12-16 21:15:56 Files successfully cleaned: 250
[+] 2012-12-16 21:15:57 : Gratulation, alles (aus Datei 121216-204405.xml) wurde gelöscht.
|
| | #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Spybot is largely ineffective; you can uninstall it with a clear conscience. Please also post all Malwarebytes logs, even if they contained no detections.
__________________ Please always post log files in CODE tags |
| | #6 |
| In June I had the Lameshield trojan: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.26.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]
26.06.2012 11:47:30
mbam-log-2012-06-26 (11-47-30).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 396530
Laufzeit: 1 Stunde(n), 32 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\****\AppData\Local\cgoyjkry.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.14.04
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]
16.12.2012 21:20:49
mbam-log-2012-12-16 (21-20-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410824
Laufzeit: 2 Stunde(n), 5 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
|
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will this continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board.
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
| | #8 |
| Code:
23:26:42.0208 2732 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:26:42.0224 2732 ============================================================
23:26:42.0224 2732 Current date / time: 2012/12/22 23:26:42.0224
23:26:42.0224 2732 SystemInfo:
23:26:42.0224 2732
23:26:42.0224 2732 OS Version: 6.1.7601 ServicePack: 1.0
23:26:42.0224 2732 Product type: Workstation
23:26:42.0224 2732 ComputerName: ****
23:26:42.0224 2732 UserName: ****
23:26:42.0224 2732 Windows directory: C:\Windows
23:26:42.0224 2732 System windows directory: C:\Windows
23:26:42.0224 2732 Running under WOW64
23:26:42.0224 2732 Processor architecture: Intel x64
23:26:42.0224 2732 Number of processors: 2
23:26:42.0224 2732 Page size: 0x1000
23:26:42.0224 2732 Boot type: Normal boot
23:26:42.0224 2732 ============================================================
23:26:43.0628 2732 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:26:43.0628 2732 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:26:44.0111 2732 ============================================================
23:26:44.0111 2732 \Device\Harddisk0\DR0:
23:26:44.0111 2732 MBR partitions:
23:26:44.0111 2732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:26:44.0111 2732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
23:26:44.0111 2732 \Device\Harddisk1\DR1:
23:26:44.0111 2732 MBR partitions:
23:26:44.0111 2732 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:26:44.0111 2732 ============================================================
23:26:44.0111 2732 Initialize success
23:26:44.0111 2732 ============================================================
23:27:14.0859 3528 ============================================================
23:27:14.0859 3528 Scan started
23:27:14.0859 3528 Mode: Manual; SigCheck; TDLFS;
23:27:14.0859 3528 ============================================================
23:27:14.0875 3528 ================ Scan system memory ========================
23:27:14.0875 3528 System memory - ok
23:27:14.0875 3528 ================ Scan services =============================
23:27:14.0921 3528 1394ohci - ok
23:27:14.0953 3528 acedrv11 - ok
23:27:14.0968 3528 ACPI - ok
23:27:14.0968 3528 AcpiPmi - ok
23:27:14.0999 3528 AdobeFlashPlayerUpdateSvc - ok
23:27:15.0015 3528 adp94xx - ok
23:27:15.0031 3528 adpahci - ok
23:27:15.0031 3528 adpu320 - ok
23:27:15.0062 3528 AeLookupSvc - ok
23:27:15.0077 3528 AFD - ok
23:27:15.0109 3528 agp440 - ok
23:27:15.0124 3528 ALG - ok
23:27:15.0140 3528 aliide - ok
23:27:15.0155 3528 AMD External Events Utility - ok
23:27:15.0171 3528 amdide - ok
23:27:15.0187 3528 AmdK8 - ok
23:27:15.0202 3528 amdkmdag - ok
23:27:15.0218 3528 amdkmdap - ok
23:27:15.0233 3528 AmdPPM - ok
23:27:15.0249 3528 amdsata - ok
23:27:15.0265 3528 amdsbs - ok
23:27:15.0280 3528 amdxata - ok
23:27:15.0280 3528 AntiVirSchedulerService - ok
23:27:15.0296 3528 AntiVirService - ok
23:27:15.0311 3528 AppID - ok
23:27:15.0327 3528 AppIDSvc - ok
23:27:15.0343 3528 Appinfo - ok
23:27:15.0358 3528 arc - ok
23:27:15.0358 3528 arcsas - ok
23:27:15.0374 3528 AsIO - ok
23:27:15.0389 3528 AsyncMac - ok
23:27:15.0405 3528 atapi - ok
23:27:15.0421 3528 atikmdag - ok
23:27:15.0436 3528 AtiPcie - ok
23:27:15.0452 3528 atksgt - ok
23:27:15.0452 3528 AudioEndpointBuilder - ok
23:27:15.0467 3528 AudioSrv - ok
23:27:15.0483 3528 avgntflt - ok
23:27:15.0499 3528 avipbb - ok
23:27:15.0514 3528 avkmgr - ok
23:27:15.0530 3528 AxInstSV - ok
23:27:15.0545 3528 b06bdrv - ok
23:27:15.0545 3528 b57nd60a - ok
23:27:15.0577 3528 BDESVC - ok
23:27:15.0577 3528 Beep - ok
23:27:15.0592 3528 BFE - ok
23:27:15.0608 3528 BITS - ok
23:27:15.0623 3528 blbdrive - ok
23:27:15.0639 3528 bowser - ok
23:27:15.0639 3528 BrFiltLo - ok
23:27:15.0655 3528 BrFiltUp - ok
23:27:15.0655 3528 Browser - ok
23:27:15.0670 3528 Brserid - ok
23:27:15.0686 3528 BrSerWdm - ok
23:27:15.0701 3528 BrUsbMdm - ok
23:27:15.0717 3528 BrUsbSer - ok
23:27:15.0733 3528 BTHMODEM - ok
23:27:15.0748 3528 bthserv - ok
23:27:15.0748 3528 cdfs - ok
23:27:15.0764 3528 cdrom - ok
23:27:15.0779 3528 CertPropSvc - ok
23:27:15.0795 3528 circlass - ok
23:27:15.0795 3528 CLFS - ok
23:27:15.0811 3528 clr_optimization_v2.0.50727_32 - ok
23:27:15.0826 3528 clr_optimization_v2.0.50727_64 - ok
23:27:15.0842 3528 clr_optimization_v4.0.30319_32 - ok
23:27:15.0857 3528 clr_optimization_v4.0.30319_64 - ok
23:27:15.0857 3528 CmBatt - ok
23:27:15.0873 3528 cmdide - ok
23:27:15.0889 3528 CNG - ok
23:27:15.0904 3528 Compbatt - ok
23:27:15.0904 3528 CompositeBus - ok
23:27:15.0920 3528 COMSysApp - ok
23:27:15.0935 3528 crcdisk - ok
23:27:15.0951 3528 CryptSvc - ok
23:27:15.0967 3528 DcomLaunch - ok
23:27:15.0982 3528 defragsvc - ok
23:27:15.0998 3528 DfsC - ok
23:27:15.0998 3528 Dhcp - ok
23:27:16.0013 3528 discache - ok
23:27:16.0029 3528 Disk - ok
23:27:16.0045 3528 Dnscache - ok
23:27:16.0045 3528 dot3svc - ok
23:27:16.0060 3528 DPS - ok
23:27:16.0076 3528 drmkaud - ok
23:27:16.0076 3528 DXGKrnl - ok
23:27:16.0091 3528 EapHost - ok
23:27:16.0107 3528 ebdrv - ok
23:27:16.0123 3528 EFS - ok
23:27:16.0123 3528 ehRecvr - ok
23:27:16.0138 3528 ehSched - ok
23:27:16.0154 3528 elxstor - ok
23:27:16.0169 3528 ErrDev - ok
23:27:16.0185 3528 EventSystem - ok
23:27:16.0201 3528 exfat - ok
23:27:16.0201 3528 fastfat - ok
23:27:16.0216 3528 Fax - ok
23:27:16.0232 3528 fdc - ok
23:27:16.0247 3528 fdPHost - ok
23:27:16.0263 3528 FDResPub - ok
23:27:16.0279 3528 FileInfo - ok
23:27:16.0294 3528 Filetrace - ok
23:27:16.0310 3528 flpydisk - ok
23:27:16.0325 3528 FltMgr - ok
23:27:16.0341 3528 FontCache - ok
23:27:16.0357 3528 FontCache3.0.0.0 - ok
23:27:16.0372 3528 FsDepends - ok
23:27:16.0388 3528 Fs_Rec - ok
23:27:16.0403 3528 fvevol - ok
23:27:16.0419 3528 gagp30kx - ok
23:27:16.0435 3528 gpsvc - ok
23:27:16.0466 3528 gupdate - ok
23:27:16.0466 3528 gupdatem - ok
23:27:16.0481 3528 hcw85cir - ok
23:27:16.0497 3528 HdAudAddService - ok
23:27:16.0513 3528 HDAudBus - ok
23:27:16.0513 3528 HidBatt - ok
23:27:16.0528 3528 HidBth - ok
23:27:16.0544 3528 HidIr - ok
23:27:16.0544 3528 hidserv - ok
23:27:16.0559 3528 HidUsb - ok
23:27:16.0575 3528 hkmsvc - ok
23:27:16.0591 3528 HomeGroupListener - ok
23:27:16.0591 3528 HomeGroupProvider - ok
23:27:16.0606 3528 HpSAMD - ok
23:27:16.0622 3528 HTTP - ok
23:27:16.0637 3528 hwpolicy - ok
23:27:16.0637 3528 i8042prt - ok
23:27:16.0653 3528 iaStorV - ok
23:27:16.0669 3528 idsvc - ok
23:27:16.0684 3528 iirsp - ok
23:27:16.0684 3528 IKEEXT - ok
23:27:16.0715 3528 intelide - ok
23:27:16.0715 3528 intelppm - ok
23:27:16.0731 3528 IPBusEnum - ok
23:27:16.0747 3528 IpFilterDriver - ok
23:27:16.0747 3528 iphlpsvc - ok
23:27:16.0762 3528 IPMIDRV - ok
23:27:16.0778 3528 IPNAT - ok
23:27:16.0793 3528 IRENUM - ok
23:27:16.0793 3528 isapnp - ok
23:27:16.0809 3528 iScsiPrt - ok
23:27:16.0825 3528 kbdclass - ok
23:27:16.0840 3528 kbdhid - ok
23:27:16.0840 3528 KeyIso - ok
23:27:16.0856 3528 KSecDD - ok
23:27:16.0871 3528 KSecPkg - ok
23:27:16.0871 3528 ksthunk - ok
23:27:16.0887 3528 KtmRm - ok
23:27:16.0903 3528 LanmanServer - ok
23:27:16.0934 3528 LanmanWorkstation - ok
23:27:16.0949 3528 lirsgt - ok
23:27:16.0965 3528 lltdio - ok
23:27:16.0981 3528 lltdsvc - ok
23:27:16.0996 3528 lmhosts - ok
23:27:17.0012 3528 LSI_FC - ok
23:27:17.0027 3528 LSI_SAS - ok
23:27:17.0027 3528 LSI_SAS2 - ok
23:27:17.0043 3528 LSI_SCSI - ok
23:27:17.0059 3528 luafv - ok
23:27:17.0074 3528 McComponentHostService - ok
23:27:17.0090 3528 Mcx2Svc - ok
23:27:17.0105 3528 megasas - ok
23:27:17.0105 3528 MegaSR - ok
23:27:17.0121 3528 MMCSS - ok
23:27:17.0137 3528 Modem - ok
23:27:17.0152 3528 monitor - ok
23:27:17.0152 3528 mouclass - ok
23:27:17.0168 3528 mouhid - ok
23:27:17.0183 3528 mountmgr - ok
23:27:17.0199 3528 MozillaMaintenance - ok
23:27:17.0215 3528 mpio - ok
23:27:17.0215 3528 mpsdrv - ok
23:27:17.0230 3528 MpsSvc - ok
23:27:17.0246 3528 MRxDAV - ok
23:27:17.0246 3528 mrxsmb - ok
23:27:17.0261 3528 mrxsmb10 - ok
23:27:17.0277 3528 mrxsmb20 - ok
23:27:17.0293 3528 msahci - ok
23:27:17.0293 3528 msdsm - ok
23:27:17.0308 3528 MSDTC - ok
23:27:17.0339 3528 Msfs - ok
23:27:17.0339 3528 mshidkmdf - ok
23:27:17.0355 3528 msisadrv - ok
23:27:17.0371 3528 MSiSCSI - ok
23:27:17.0386 3528 msiserver - ok
23:27:17.0402 3528 MSKSSRV - ok
23:27:17.0402 3528 MSPCLOCK - ok
23:27:17.0417 3528 MSPQM - ok
23:27:17.0433 3528 MsRPC - ok
23:27:17.0449 3528 mssmbios - ok
23:27:17.0464 3528 MSTEE - ok
23:27:17.0480 3528 MTConfig - ok
23:27:17.0495 3528 MTsensor - ok
23:27:17.0511 3528 Mup - ok
23:27:17.0527 3528 napagent - ok
23:27:17.0542 3528 NativeWifiP - ok
23:27:17.0558 3528 NDIS - ok
23:27:17.0589 3528 NdisCap - ok
23:27:17.0589 3528 NdisTapi - ok
23:27:17.0620 3528 Ndisuio - ok
23:27:17.0620 3528 NdisWan - ok
23:27:17.0636 3528 NDProxy - ok
23:27:17.0651 3528 NetBIOS - ok
23:27:17.0667 3528 NetBT - ok
23:27:17.0667 3528 Netlogon - ok
23:27:17.0683 3528 Netman - ok
23:27:17.0698 3528 netprofm - ok
23:27:17.0714 3528 NetTcpPortSharing - ok
23:27:17.0729 3528 nfrd960 - ok
23:27:17.0729 3528 NitroDriverReadSpool - ok
23:27:17.0745 3528 NlaSvc - ok
23:27:17.0792 3528 NMSAccess - ok
23:27:17.0823 3528 NPF - ok
23:27:17.0839 3528 Npfs - ok
23:27:17.0839 3528 nsi - ok
23:27:17.0854 3528 nsiproxy - ok
23:27:17.0870 3528 Ntfs - ok
23:27:17.0885 3528 Null - ok
23:27:17.0885 3528 nvraid - ok
23:27:17.0901 3528 nvstor - ok
23:27:17.0917 3528 nv_agp - ok
23:27:17.0932 3528 ohci1394 - ok
23:27:17.0932 3528 p2pimsvc - ok
23:27:17.0948 3528 p2psvc - ok
23:27:17.0963 3528 Parport - ok
23:27:17.0979 3528 partmgr - ok
23:27:17.0979 3528 PcaSvc - ok
23:27:17.0995 3528 pci - ok
23:27:18.0010 3528 pciide - ok
23:27:18.0010 3528 pcmcia - ok
23:27:18.0026 3528 pcw - ok
23:27:18.0041 3528 PEAUTH - ok
23:27:18.0057 3528 PerfHost - ok
23:27:18.0088 3528 pla - ok
23:27:18.0088 3528 PlugPlay - ok
23:27:18.0104 3528 PNRPAutoReg - ok
23:27:18.0104 3528 PNRPsvc - ok
23:27:18.0119 3528 PolicyAgent - ok
23:27:18.0119 3528 Power - ok
23:27:18.0135 3528 PptpMiniport - ok
23:27:18.0135 3528 Processor - ok
23:27:18.0151 3528 ProfSvc - ok
23:27:18.0151 3528 ProtectedStorage - ok
23:27:18.0166 3528 Psched - ok
23:27:18.0166 3528 ql2300 - ok
23:27:18.0166 3528 ql40xx - ok
23:27:18.0182 3528 QWAVE - ok
23:27:18.0182 3528 QWAVEdrv - ok
23:27:18.0197 3528 RasAcd - ok
23:27:18.0197 3528 RasAgileVpn - ok
23:27:18.0213 3528 RasAuto - ok
23:27:18.0213 3528 Rasl2tp - ok
23:27:18.0213 3528 RasMan - ok
23:27:18.0229 3528 RasPppoe - ok
23:27:18.0244 3528 RasSstp - ok
23:27:18.0244 3528 rdbss - ok
23:27:18.0260 3528 rdpbus - ok
23:27:18.0260 3528 RDPCDD - ok
23:27:18.0275 3528 RDPENCDD - ok
23:27:18.0275 3528 RDPREFMP - ok
23:27:18.0291 3528 RDPWD - ok
23:27:18.0291 3528 rdyboost - ok
23:27:18.0307 3528 RemoteAccess - ok
23:27:18.0307 3528 RemoteRegistry - ok
23:27:18.0322 3528 rpcapd - ok
23:27:18.0322 3528 RpcEptMapper - ok
23:27:18.0322 3528 RpcLocator - ok
23:27:18.0338 3528 RpcSs - ok
23:27:18.0338 3528 rspndr - ok
23:27:18.0353 3528 RTHDMIAzAudService - ok
23:27:18.0369 3528 RTL8167 - ok
23:27:18.0369 3528 SamSs - ok
23:27:18.0369 3528 sbp2port - ok
23:27:18.0385 3528 SCardSvr - ok
23:27:18.0385 3528 scfilter - ok
23:27:18.0400 3528 Schedule - ok
23:27:18.0400 3528 SCPolicySvc - ok
23:27:18.0400 3528 SDRSVC - ok
23:27:18.0416 3528 SDScannerService - ok
23:27:18.0431 3528 SDUpdateService - ok
23:27:18.0431 3528 SDWSCService - ok
23:27:18.0447 3528 secdrv - ok
23:27:18.0463 3528 seclogon - ok
23:27:18.0463 3528 SENS - ok
23:27:18.0463 3528 SensrSvc - ok
23:27:18.0478 3528 Serenum - ok
23:27:18.0478 3528 Serial - ok
23:27:18.0494 3528 sermouse - ok
23:27:18.0509 3528 SessionEnv - ok
23:27:18.0509 3528 sffdisk - ok
23:27:18.0525 3528 sffp_mmc - ok
23:27:18.0525 3528 sffp_sd - ok
23:27:18.0541 3528 sfloppy - ok
23:27:18.0541 3528 SharedAccess - ok
23:27:18.0541 3528 ShellHWDetection - ok
23:27:18.0556 3528 SiSRaid2 - ok
23:27:18.0556 3528 SiSRaid4 - ok
23:27:18.0572 3528 Smb - ok
23:27:18.0587 3528 SNMPTRAP - ok
23:27:18.0587 3528 spldr - ok
23:27:18.0587 3528 Spooler - ok
23:27:18.0603 3528 sppsvc - ok
23:27:18.0603 3528 sppuinotify - ok
23:27:18.0619 3528 sptd - ok
23:27:18.0634 3528 srv - ok
23:27:18.0634 3528 srv2 - ok
23:27:18.0665 3528 srvnet - ok
23:27:18.0665 3528 SSDPSRV - ok
23:27:18.0681 3528 SstpSvc - ok
23:27:18.0697 3528 StarOpen - ok
23:27:18.0712 3528 Steam Client Service - ok
23:27:18.0712 3528 stexstor - ok
23:27:18.0743 3528 stisvc - ok
23:27:18.0743 3528 swenum - ok
23:27:18.0759 3528 swprv - ok
23:27:18.0775 3528 SysMain - ok
23:27:18.0775 3528 TabletInputService - ok
23:27:18.0790 3528 TapiSrv - ok
23:27:18.0790 3528 TBS - ok
23:27:18.0806 3528 Tcpip - ok
23:27:18.0806 3528 TCPIP6 - ok
23:27:18.0821 3528 tcpipreg - ok
23:27:18.0837 3528 TDPIPE - ok
23:27:18.0837 3528 TDTCP - ok
23:27:18.0837 3528 tdx - ok
23:27:18.0853 3528 TermDD - ok
23:27:18.0853 3528 TermService - ok
23:27:18.0868 3528 Themes - ok
23:27:18.0868 3528 THREADORDER - ok
23:27:18.0884 3528 TrkWks - ok
23:27:18.0884 3528 truecrypt - ok
23:27:18.0884 3528 TrustedInstaller - ok
23:27:18.0899 3528 tssecsrv - ok
23:27:18.0899 3528 TsUsbFlt - ok
23:27:18.0915 3528 tunnel - ok
23:27:18.0915 3528 uagp35 - ok
23:27:18.0931 3528 udfs - ok
23:27:18.0946 3528 UI0Detect - ok
23:27:18.0946 3528 uliagpkx - ok
23:27:18.0962 3528 umbus - ok
23:27:18.0962 3528 UmPass - ok
23:27:18.0962 3528 upnphost - ok
23:27:18.0977 3528 usbbus - ok
23:27:18.0977 3528 usbccgp - ok
23:27:18.0993 3528 usbcir - ok
23:27:18.0993 3528 UsbDiag - ok
23:27:19.0009 3528 usbehci - ok
23:27:19.0009 3528 usbhub - ok
23:27:19.0009 3528 USBModem - ok
23:27:19.0024 3528 usbohci - ok
23:27:19.0024 3528 usbprint - ok
23:27:19.0040 3528 usbscan - ok
23:27:19.0040 3528 USBSTOR - ok
23:27:19.0055 3528 usbuhci - ok
23:27:19.0055 3528 UxSms - ok
23:27:19.0055 3528 VaultSvc - ok
23:27:19.0071 3528 vdrvroot - ok
23:27:19.0071 3528 vds - ok
23:27:19.0087 3528 vga - ok
23:27:19.0087 3528 VgaSave - ok
23:27:19.0102 3528 vhdmp - ok
23:27:19.0102 3528 VIAHdAudAddService - ok
23:27:19.0118 3528 viaide - ok
23:27:19.0118 3528 volmgr - ok
23:27:19.0133 3528 volmgrx - ok
23:27:19.0133 3528 volsnap - ok
23:27:19.0149 3528 vsmraid - ok
23:27:19.0149 3528 VSS - ok
23:27:19.0165 3528 vwifibus - ok
23:27:19.0165 3528 W32Time - ok
23:27:19.0180 3528 WacomPen - ok
23:27:19.0180 3528 WANARP - ok
23:27:19.0196 3528 Wanarpv6 - ok
23:27:19.0196 3528 wbengine - ok
23:27:19.0211 3528 WbioSrvc - ok
23:27:19.0211 3528 wcncsvc - ok
23:27:19.0211 3528 WcsPlugInService - ok
23:27:19.0227 3528 Wd - ok
23:27:19.0227 3528 Wdf01000 - ok
23:27:19.0243 3528 WdiServiceHost - ok
23:27:19.0243 3528 WdiSystemHost - ok
23:27:19.0258 3528 WebClient - ok
23:27:19.0258 3528 Wecsvc - ok
23:27:19.0258 3528 wercplsupport - ok
23:27:19.0274 3528 WerSvc - ok
23:27:19.0274 3528 WfpLwf - ok
23:27:19.0289 3528 WIMMount - ok
23:27:19.0289 3528 WinDefend - ok
23:27:19.0305 3528 WinHttpAutoProxySvc - ok
23:27:19.0305 3528 Winmgmt - ok
23:27:19.0305 3528 WinRM - ok
23:27:19.0321 3528 WinUsb - ok
23:27:19.0336 3528 Wlansvc - ok
23:27:19.0336 3528 WmiAcpi - ok
23:27:19.0352 3528 wmiApSrv - ok
23:27:19.0352 3528 WMPNetworkSvc - ok
23:27:19.0367 3528 WPCSvc - ok
23:27:19.0367 3528 WPDBusEnum - ok
23:27:19.0383 3528 ws2ifsl - ok
23:27:19.0383 3528 wscsvc - ok
23:27:19.0399 3528 WSearch - ok
23:27:19.0399 3528 wuauserv - ok
23:27:19.0414 3528 WudfPf - ok
23:27:19.0414 3528 WUDFRd - ok
23:27:19.0430 3528 wudfsvc - ok
23:27:19.0430 3528 WwanSvc - ok
23:27:19.0445 3528 ================ Scan global ===============================
23:27:19.0445 3528 [Global] - ok
23:27:19.0445 3528 ================ Scan MBR ==================================
23:27:19.0461 3528 [ AE6210EDE7872E45B1CC30B020CD29C8 ] \Device\Harddisk0\DR0
23:27:19.0976 3528 \Device\Harddisk0\DR0 - ok
23:27:19.0976 3528 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:27:20.0662 3528 \Device\Harddisk1\DR1 - ok
23:27:20.0662 3528 ================ Scan VBR ==================================
23:27:20.0662 3528 [ 785EBB3086ECC37B0E673B300D3B1E1F ] \Device\Harddisk0\DR0\Partition1
23:27:20.0662 3528 \Device\Harddisk0\DR0\Partition1 - ok
23:27:20.0693 3528 [ 777AD3DF0660F90FEE3CF3262385147F ] \Device\Harddisk0\DR0\Partition2
23:27:20.0693 3528 \Device\Harddisk0\DR0\Partition2 - ok
23:27:20.0693 3528 [ E7CFD6DE19245D8B184E7F82DABF3EE8 ] \Device\Harddisk1\DR1\Partition1
23:27:20.0709 3528 \Device\Harddisk1\DR1\Partition1 - ok
23:27:20.0709 3528 ============================================================
23:27:20.0709 3528 Scan finished
23:27:20.0709 3528 ============================================================
23:27:20.0725 4056 Detected object count: 0
23:27:20.0725 4056 Actual detected object count: 0
|
| | #9 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | OK, now please create a log with CF: ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #10 |
| I had closed Spybot and deactivated Antivir, but a message still appeared saying that Spybot was active. I then uninstalled it and restarted the PC and then ComboFix. Of Antivir I only deactivated the real-time scanner, but the message that someone was doing something to the registry still appeared. ComboFix then ran through; here is the log: Code:
ComboFix 12-12-22.02 - **** 23.12.2012 12:54:00.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3839.2715 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-23 bis 2012-12-23 ))))))))))))))))))))))))))))))
.
.
2012-12-23 12:02 . 2012-12-23 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-23 11:59 . 2012-12-23 11:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82E834C-4980-4CD6-91E7-D282EDB05699}\offreg.dll
2012-12-21 18:09 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 18:09 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 18:09 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 18:09 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 16:23 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82E834C-4980-4CD6-91E7-D282EDB05699}\mpengine.dll
2012-12-20 12:11 . 2012-12-20 12:12 -------- d-----w- c:\windows\rescache
2012-12-18 16:18 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-12-18 16:18 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-12-18 16:18 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-18 16:18 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-12-18 16:18 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-12-18 16:18 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-12-17 11:05 . 2012-11-28 14:58 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-17 10:38 . 2012-12-17 10:38 -------- d-----w- c:\windows\system32\SPReview
2012-12-17 10:29 . 2012-12-17 10:29 -------- d-----w- c:\windows\system32\EventProviders
2012-12-16 21:02 . 2012-12-16 21:02 89088 ----a-w- c:\windows\system32\mbr.exe
2012-12-16 19:43 . 2012-12-16 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-16 19:42 . 2012-12-23 11:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-16 19:42 . 2012-12-16 19:42 -------- d-----w- c:\users\****\AppData\Local\Programs
2012-12-16 19:28 . 2012-12-16 19:28 -------- d-----w- c:\program files\CCleaner
2012-12-16 18:51 . 2012-12-16 18:51 388096 ----a-r- c:\users\****\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-16 18:51 . 2012-12-16 18:51 -------- d-----w- c:\program files (x86)\Trend Micro
2012-12-16 18:39 . 2012-12-16 18:39 -------- d-----w- c:\users\****\AppData\Roaming\Wireshark
2012-12-16 18:32 . 2012-12-16 18:32 -------- d-----w- c:\program files (x86)\WinPcap
2012-12-16 18:31 . 2012-12-16 18:32 -------- d-----w- c:\program files\Wireshark
2012-12-12 18:06 . 2012-11-14 06:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-12 13:31 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-04 16:35 . 2012-12-04 16:35 -------- d-----w- c:\users\****\AppData\Roaming\Apple Computer
2012-12-03 13:17 . 2012-12-03 13:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-03 13:17 . 2012-12-03 13:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-03 13:17 . 2012-12-03 13:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-03 13:17 . 2012-12-03 13:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-03 13:17 . 2012-12-03 13:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-03 13:17 . 2012-12-03 13:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-03 13:17 . 2012-12-03 13:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-03 13:17 . 2012-12-03 13:17 -------- d-----w- c:\program files (x86)\QuickTime
2012-12-03 13:17 . 2012-12-03 13:17 -------- d-----w- c:\programdata\Apple Computer
2012-12-03 13:16 . 2012-12-03 13:16 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-12-03 13:15 . 2012-12-03 13:15 -------- d-----w- c:\users\****\AppData\Local\Apple
2012-12-03 13:15 . 2012-12-03 13:15 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-12-03 13:15 . 2012-12-03 13:15 -------- d-----w- c:\programdata\Apple
2012-11-24 12:47 . 2012-11-24 13:38 -------- d-----w- c:\users\****\AppData\Roaming\To the Moon - Freebird Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 11:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-12-17 11:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-12-11 19:18 . 2012-04-01 09:55 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 19:18 . 2011-05-19 11:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 16:44 . 2012-10-17 14:54 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 16:44 . 2012-10-17 14:54 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 21:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 21:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 21:03 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-12 13:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-29 18:54 . 2012-06-26 09:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 08:28 . 2012-06-03 10:25 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-27 08:28 . 2011-04-19 11:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-25 22:47 . 2012-11-16 11:07 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-16 11:07 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-22 16:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-04-29 10:12 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files (x86)\TrueCrypt\TrueCrypt.exe" [2010-03-16 1415632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-05 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-02-02 324928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1342064]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:18]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 10:15]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 10:15]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=de_DE&apn_uid=933E722D-05F3-45CE-8945-9F030576B5B7&apn_ptnrs=QE&apn_sauid=4707CA0A-B9FD-4DBF-BDDC-8C3780262386&apn_dtid=&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
AddRemove-JDownloader - c:\program files (x86)\JDownloader\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-23 13:06:11
ComboFix-quarantined-files.txt 2012-12-23 12:06
.
Vor Suchlauf: 6.470.348.800 Bytes frei
Nach Suchlauf: 9.789.095.936 Bytes frei
.
- - End Of File - - EA11185ABCFD7869AA2E805963FC9AAF
|
| | #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - Detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded once before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
| | #12 |
| Code:
# AdwCleaner v2.103 - Datei am 26/12/2012 um 14:08:31 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\prefs.js
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.abar-war-timeout", "4000");
Gefunden : user_pref("extensions.asktb.cbid", "QE");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gefunden : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "933E722D-05F3-45CE-8945-9F030576B5B7");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "su");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1305372782732");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.o", "102388");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "4707CA0A-B9FD-4DBF-BDDC-8C3780262386");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Gefunden : user_pref("extensions.asktb.socialmini-first", true);
Gefunden : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gefunden : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gefunden : user_pref("extensions.asktb.socialmini-max-items", "30");
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.socialmini-speed", "5000");
Gefunden : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.version", "5.12.1.16460");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=[...]
Gefunden : user_pref("vshare.install.fresh", "true");
*************************
AdwCleaner[R1].txt - [6928 octets] - [26/12/2012 14:08:31]
########## EOF - C:\AdwCleaner[R1].txt - [6988 octets] ##########
|
| | #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - Remove toolbars and unwanted start/search pages
Afterwards, a check with OTL please:
__________________ Please always post log files in CODE tags |
| | #14 |
| Code:
# AdwCleaner v2.103 - Datei am 27/12/2012 um 17:36:32 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000");
Gelöscht : user_pref("extensions.asktb.cbid", "QE");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "933E722D-05F3-45CE-8945-9F030576B5B7");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "su");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1305372782732");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.o", "102388");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "4707CA0A-B9FD-4DBF-BDDC-8C3780262386");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.version", "5.12.1.16460");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=[...]
Gelöscht : user_pref("vshare.install.fresh", "true");
*************************
AdwCleaner[R1].txt - [7045 octets] - [26/12/2012 14:08:31]
AdwCleaner[S1].txt - [6829 octets] - [27/12/2012 17:36:32]
########## EOF - C:\AdwCleaner[S1].txt - [6889 octets] ##########
Code:
OTL logfile created on: 27.12.2012 17:41:49 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 66,04% Memory free
7,50 Gb Paging File | 6,14 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 10,28 Gb Free Space | 2,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (NitroDriverReadSpool) -- C:\Programme\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 41 77 20 DA DB CD 01 [binary data]
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67
FF - prefs.js..network.proxy.http: "41.89.211.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "85.131.163.219"
FF - prefs.js..network.proxy.socks_port: 3128
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\****\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.03 14:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M]
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.16 13:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\06h5jpt2.default\extensions
[2012.12.16 13:03:57 | 000,689,618 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
[2012.11.24 11:22:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.07 19:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 19:21:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.29 12:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll
[2012.02.14 10:33:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 20:50:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 10:33:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 10:33:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 10:33:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 10:33:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.12.23 13:02:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3209BDA-3FD1-4A19-9A87-D77FDBC87E0B}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.23 13:15:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.23 13:06:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.23 12:51:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.23 12:51:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.23 12:51:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.23 12:44:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.23 12:44:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.23 12:40:53 | 005,012,898 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe [2012.12.22 23:25:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe [2012.12.21 19:09:39 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 19:09:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 19:09:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 19:09:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.20 13:11:39 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2012.12.18 17:18:09 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll 
[2012.12.18 17:18:09 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.12.18 17:18:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.12.18 17:18:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.12.18 17:17:51 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.12.18 17:17:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.12.18 17:17:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.12.18 17:17:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.12.18 17:17:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.12.18 17:17:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.12.18 17:17:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.12.18 17:17:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.12.18 17:17:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.12.17 22:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe [2012.12.17 11:38:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.12.17 11:29:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.12.16 21:58:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.12.16 21:54:23 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.16 20:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.12.16 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2012.12.16 20:42:16 | 000,000,000 | ---D | C] -- 
C:\Users\****\AppData\Local\Programs [2012.12.16 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.16 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.16 20:28:30 | 004,077,368 | ---- | C] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe [2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.12.16 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Wireshark [2012.12.16 19:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2012.12.16 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2012.12.16 19:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark [2012.12.16 19:29:03 | 026,641,872 | ---- | C] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe [2012.12.14 12:47:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\musik [2012.12.12 19:07:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 19:07:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 19:07:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 19:07:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 19:07:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 19:07:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 19:07:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 19:07:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 19:07:00 | 002,312,704 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 19:07:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 19:07:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 19:07:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 19:06:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 19:06:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 19:06:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 14:30:50 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 14:30:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 14:30:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 14:30:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 14:30:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 14:30:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 14:30:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 14:30:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 14:30:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 14:30:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 14:30:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 14:30:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 
14:30:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:30:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:30:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:30:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:30:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:30:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 14:30:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll 
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 14:30:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 14:30:15 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 14:30:15 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.12 14:30:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll [2012.12.12 14:30:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll [2012.12.07 19:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.04 17:35:55 | 000,000,000 | ---D | C] -- 
C:\Users\****\AppData\Roaming\Apple Computer [2012.12.03 14:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.12.03 14:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.12.03 14:15:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple [2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.11.07 11:22:48 | 005,082,084 | ---- | C] (The Public) -- C:\Users\****\AppData\Roaming\Avisynth.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.27 17:45:27 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 17:45:27 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 17:42:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.27 17:42:55 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.27 17:42:55 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.27 17:42:55 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.27 17:42:55 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.27 17:38:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.27 17:38:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.27 17:37:57 | 3019,227,136 | -HS- | M] () -- C:\hiberfil.sys [2012.12.26 16:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.26 15:56:11 | 
000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.26 14:07:31 | 000,550,017 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe [2012.12.23 13:02:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.23 12:41:21 | 005,012,898 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe [2012.12.22 23:23:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe [2012.12.22 17:07:09 | 000,000,085 | -H-- | M] () -- C:\Users\****\Desktop\.~lock.top10_2011.odt# [2012.12.22 12:34:37 | 000,303,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.17 22:39:13 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat [2012.12.17 22:37:30 | 000,013,767 | ---- | M] () -- C:\Users\****\Desktop\Unbenannt 1.odt [2012.12.17 22:18:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe [2012.12.17 22:12:22 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\0srsw8jz.exe [2012.12.17 12:01:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2012.12.17 12:01:04 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012.12.16 22:02:17 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe [2012.12.16 21:58:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.12.16 20:28:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.16 20:28:38 | 004,077,368 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe [2012.12.16 19:51:16 | 000,002,971 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.lnk [2012.12.16 19:50:20 | 001,402,880 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.msi [2012.12.16 19:30:27 | 026,641,872 | ---- | M] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll 
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 14:13:19 | 000,024,321 | ---- | M] () -- C:\Users\****\Desktop\top10_2011.odt [2012.12.14 12:11:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.13 21:58:43 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.11 20:18:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.11 20:18:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.11 17:44:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 17:44:02 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.09 19:03:39 | 000,024,610 | ---- | M] () -- C:\Users\****\Desktop\OpenDocument Text (neu).odt [2012.12.07 19:24:56 | 000,006,437 | ---- | M] () -- C:\Users\****\Desktop\parada.(4618777).nfo [2012.11.30 11:03:25 | 057,611,821 | ---- | M] () -- C:\Users\****\Desktop\20121124-1700.mp3 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.26 14:07:25 | 000,550,017 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe [2012.12.23 12:51:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.23 12:51:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.23 12:51:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.23 12:51:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.23 12:51:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.22 17:07:09 | 000,000,085 | -H-- | C] () -- C:\Users\****\Desktop\.~lock.top10_2011.odt# [2012.12.17 22:37:27 | 000,013,767 | ---- | C] () -- C:\Users\****\Desktop\Unbenannt 1.odt [2012.12.17 22:25:43 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat [2012.12.17 22:12:18 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\0srsw8jz.exe [2012.12.16 22:02:12 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe [2012.12.16 20:28:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.16 19:51:16 | 000,002,971 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.lnk [2012.12.16 19:50:17 | 001,402,880 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.msi [2012.12.16 19:32:03 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2012.12.14 12:11:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.07 19:25:16 | 000,006,437 | ---- | C] () -- C:\Users\****\Desktop\parada.(4618777).nfo [2012.12.03 14:15:50 | 000,002,519 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.11.30 10:44:02 | 057,611,821 | ---- | C] () -- C:\Users\****\Desktop\20121124-1700.mp3 [2011.11.07 11:24:03 | 000,034,936 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe [2011.11.07 11:23:08 | 005,243,208 | ---- | C] ( ) -- C:\Users\****\AppData\Roaming\AvsP.exe [2011.08.11 16:32:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011.08.11 16:32:43 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.05.14 12:34:07 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2011.05.14 12:34:07 | 000,002,315 | ---- | C] () -- C:\Windows\unins000.dat [2010.06.23 18:09:40 | 000,002,049 | ---- | C] () -- C:\Users\****\.recently-used.xbel ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:F84B8DB5 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48C30809 < End of report > Code:
OTL Extras logfile created on: 27.12.2012 17:41:49 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 66,04% Memory free
7,50 Gb Paging File | 6,14 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 10,28 Gb Free Space | 2,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D174A9-45F3-4F1B-98C1-CE58A75ADF27}" = lport=138 | protocol=17 | dir=in | app=system |
"{13FAF8DF-7328-4FBE-B24B-B593A2405565}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A998814-FAF8-451A-A5E8-86F5BBB6D3CC}" = rport=138 | protocol=17 | dir=out | app=system |
"{43B67B3C-1761-410F-B8E0-CF02412ADED8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4AFD0AA2-4591-47B4-8B7D-7E41945EEE44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52DBF848-14C7-4757-A0B5-3130425FDB79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5736E88E-735F-4C71-9791-62F26BBCC6A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61E05BA0-26F4-40A7-992A-6213BCB3F22C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{658E0885-7D16-406A-817A-F1CAD57FBEE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{679588F9-E5C3-430B-BEB8-552312692F11}" = lport=445 | protocol=6 | dir=in | app=system |
"{768F2B24-3ED2-48D9-8ECE-57E31A3C4AA1}" = lport=139 | protocol=6 | dir=in | app=system |
"{77037A09-523C-4776-9FED-C088DBC80905}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{81A6347E-94C3-4959-AAEF-319292F62DFF}" = lport=137 | protocol=17 | dir=in | app=system |
"{84932C06-E7DB-4A24-A0F9-F43F4D8A007B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{971D7DAE-692C-4195-99D5-1235CF26EF01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9EBF316-594B-4512-B537-B82BF643F8ED}" = rport=445 | protocol=6 | dir=out | app=system |
"{BAF0FA88-3DB9-4144-BFE1-02A40EE6D226}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6CCC6F0-A55E-4C0F-9CE7-C70F08F42D83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D84A194B-5DD0-4065-8AD3-200F4B5218F3}" = rport=139 | protocol=6 | dir=out | app=system |
"{DDC66057-EC76-45F9-BFC5-F5A5E647DE30}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F16AC8FD-909E-45E8-8B87-FF2030E10B8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE4FC9D9-4808-48BB-B82E-585775262B41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF25F251-783F-450A-BE59-F0408A006EE4}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ED51FC6-CEC8-459B-92CA-21786F8285C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{284D0917-D637-42A2-A17F-9606C5C8FCD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FA052D8-86B8-4FBD-8475-DAB5325614A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32D63F61-809F-4433-B416-F22A97203531}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41D41308-C53B-4A6D-908A-B1677459ECC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48E3227C-5B4D-444F-8893-51547CCE548F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D277D1A-FEE9-4EE2-9D31-6C5B5CCF6F14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4FD3B157-1F0B-49E7-AE86-EA9BE3355D92}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{52401D72-F513-4A87-9D1C-3816E5328B0F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{582F6162-07B4-4B76-85C4-8D6E0D396961}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{63DF3609-9826-44B6-98D2-7D4CF386AC61}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7DEF8C05-DA92-4FBF-86B9-7863384576F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7F5C6506-DA78-4F89-966E-E609104604BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{843D232B-2265-4097-8462-DFA807A9724D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{88339B90-C2D6-498D-94A7-74343B3EF297}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{963279A9-3A19-49F3-B36C-54D2F4B0FD88}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{97015758-A6E6-4CC6-B154-24CF59CDEA31}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A413FF40-A9E7-47E2-8903-C766B45720B5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B8F67224-68B0-45B1-9CA2-ECECA865410F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe |
"{BDDBAE3F-F8C2-4CC7-90B6-183CD03496E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE4804E8-1881-46F3-A012-280D8A7DEF4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5E2BE90-7BE9-4B57-B3E8-A03A1028BD0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA3A9F59-27AA-4644-8E92-F4A71980B881}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4044C2B-21B1-448E-A1F1-C9FBC3A3AB9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1DB9A10-A469-4A72-9183-5152AF4A367B}" = protocol=6 | dir=out | app=system |
"{FE691BD8-823D-44F8-9D10-7479DE6CEB30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0D3596B7-8F49-4917-B63D-3C687B72E42E}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{17A615BB-0665-4B6F-84C3-1FDCBEDABECF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1CD5D47D-3AF2-4494-A4AF-63C5A00706BF}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{2638BAF7-F396-4701-942D-8533C43A7B86}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"TCP Query User{2885C0D6-2100-4145-AAAA-7AA14D488D99}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{298CE21D-054F-44D8-80F4-5BE2B5499B46}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{36770CAD-4C26-4949-9F19-BD38ABBD4F14}J:\xchatsilver\xchat.exe" = protocol=6 | dir=in | app=j:\xchatsilver\xchat.exe |
"TCP Query User{3A4885E3-DF50-4AF8-842E-A419157A4DAE}C:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe |
"TCP Query User{3CE4E8A4-81B0-4227-9781-AE361017837C}I:\xchatsilver\xchat.exe" = protocol=6 | dir=in | app=i:\xchatsilver\xchat.exe |
"TCP Query User{67FD8815-BF44-45D0-A17E-E79E49D775BE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{6BCE3277-4458-4FB3-B850-B78DCDEDED50}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"TCP Query User{6EABB3B9-AE27-4477-B944-9323823552E4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{7D3C9903-0A30-406B-861A-566A9CAA2C4B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A06E89C8-1F40-4A08-BCA0-961A22C8B461}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B7CCB944-09B6-4123-AE70-8F0F2CA86B38}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{DE06732C-D9AF-46EF-97A6-E636AC378A10}I:\xchatsilver\xchat.exe" = protocol=6 | dir=in | app=i:\xchatsilver\xchat.exe |
"UDP Query User{1173E1A3-E431-408E-A6CB-306BBBA40C6A}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"UDP Query User{4078967B-6D7E-42CB-A94B-8C0A66A55525}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{46B47627-0D4C-49F6-A01A-424D1CF626AA}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{49FB367F-70FC-4CF0-B1C2-C8D558A296C3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{52ECAB17-8214-4258-93A6-3AFD2F9FD082}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{62984693-985E-4A4F-B1DA-B6C689924E4B}I:\xchatsilver\xchat.exe" = protocol=17 | dir=in | app=i:\xchatsilver\xchat.exe |
"UDP Query User{8B4E0E43-C5DB-4741-9349-610F37C4BFA6}C:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe |
"UDP Query User{9073B051-E9F7-4B1C-98F1-BA6E00D4FBFF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{96A15C39-3165-4625-B088-6ADE155B8E0D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{A4D1F4AC-D56C-4F1C-B364-FEF425AF4530}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{B135A83D-62B8-46D4-9608-BC5399B5181F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{BC491496-B18D-4348-BC1F-4671A7CBCAEC}J:\xchatsilver\xchat.exe" = protocol=17 | dir=in | app=j:\xchatsilver\xchat.exe |
"UDP Query User{CC2183A0-DF4F-4F3C-9FB1-1CCF8B01573B}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"UDP Query User{E78093F2-E6A6-4CC5-84BB-D4CE62CEBD47}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{ED54B996-03B6-4577-B91C-4DEF24AD96BE}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{FD500F77-E203-4C90-A615-40C83908DCE6}I:\xchatsilver\xchat.exe" = protocol=17 | dir=in | app=i:\xchatsilver\xchat.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A091175-DFC7-4C87-A4C8-69B9514DBF33}" = Nitro PDF Professional
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE041ADD-66F3-4B85-A0E2-9E85D0DCBB31}" = Eraser 6.0.6.1376
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CEFC42-378E-4467-9909-DCBAFD38CA9F}" = LibreOffice 3.4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{157F58B7-9109-406C-B0FE-C511F06FBF2E}" = calibre
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24982E4E-E4C1-44C6-9B21-9E2A2F898BB0}" = PdfCrypter 2.8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D40F840-30CA-4747-B988-E86C4C5F3B12}" = A New Beginning
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119634693}" = Kaptain Brawe - A brawe new world (Episode 1)
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-135C
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = 0.9.4.5
"BFGC" = Big Fish Games Client
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"Ceville" = Ceville 1.0
"Deponia" = Deponia
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"Episode 1 - Homestar Ruiner" = Strong Bad - Strong Bad Episode 1 - Homestar Ruiner
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exodus" = Exodus Jabber Client (remove only)
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.742
"FLV Player" = FLV Player 2.0 (build 25)
"foobar2000" = foobar2000 v1.0.1
"Google Chrome" = Google Chrome
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"Harvey" = Harveys Neue Augen
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JDownloader" = JDownloader
"Jubler" = Jubler subtitle editor
"LinuxLive USB Creator" = LinuxLive USB Creator
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Monkey Island 2 LeChucks Revenge Special Edition_is1" = Monkey Island 2 LeChucks Revenge Special Edition
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PDF Editor 3" = PDF Editor 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secure Eraser_is1" = Secure Eraser v3.3
"SopCast" = SopCast 3.4.8
"Steam App 206440" = To the Moon
"Steam App 4000" = Garry's Mod
"The Secret of Monkey Island_is1" = The Secret of Monkey Island
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.4 (64-bit)
"X-Chat 2_is1" = X-Chat 2.8.6-2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.12.2012 07:16:17 | Computer Name = **** | Source = SDUpdSvc.exe | ID = 0
Description =
Error - 17.12.2012 07:22:42 | Computer Name = **** | Source = ESENT | ID = 215
Description = WinMail (2364) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 20.12.2012 08:05:29 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.12.2012 08:29:43 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.12.2012 08:52:43 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 21.12.2012 13:40:08 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.12.2012 08:16:20 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.12.2012 19:39:25 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.12.2012 09:44:14 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.12.2012 10:13:31 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nitro PDF\Professional\Connection.exe". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 26.12.2012 08:23:10 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 26.12.2012 08:23:10 | Computer Name = **** | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 26.12.2012 08:23:13 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 26.12.2012 10:16:24 | Computer Name = **** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 27.12.2012 12:32:18 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 27.12.2012 12:32:18 | Computer Name = **** | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 27.12.2012 12:32:22 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 27.12.2012 12:37:54 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 27.12.2012 12:37:54 | Computer Name = **** | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 27.12.2012 12:37:58 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
< End of report >
Edited by s_V (27.12.2012 at 18:06) |
| | #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "Unusual traffic" (Google) & websites need repeated loading
Fixing with OTL
Code:
:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..network.proxy.http: "41.89.211.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "85.131.163.219"
FF - prefs.js..network.proxy.socks_port: 3128
FF - user.js - File not found
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48C30809
:Files
C:\Users\****\Desktop\MBR.dat
C:\Windows\SysWow64\uninstHelixYUV.exe
C:\Users\****\AppData\Roaming\AvsP.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |