
Log analysis and evaluation: "Unusual traffic" (Google) & websites need to be loaded repeatedly


17.12.2012, 21:47   #1
s_V
 



Hello,

while googling I frequently got the well-known "Unusual traffic from your computer network" message, even though I use the computer alone and without Wi-Fi. In addition, many websites needed a second attempt to load.

I then had Spybot and Malwarebytes each run a full scan - Spybot found and removed 191 level-5 threats, Malwarebytes found no infected files afterwards.

Until now I have always let Windows 7 handle updating automatically at shutdown; that was apparently not sufficient, because this morning I clicked on update myself, which led to the first-time installation of SP 1.

My hard disk is fully encrypted with TrueCrypt.

aswMBR.exe (following the instructions from this forum) just gave me the following result:

---

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-17 22:25:59
-----------------------------
22:25:59.529 OS Version: Windows x64 6.1.7601 Service Pack 1
22:25:59.529 Number of processors: 2 586 0x602
22:25:59.529 ComputerName: **** UserName: ****
22:26:04.771 Initialize success
22:27:58.806 AVAST engine defs: 12121702
22:38:10.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:38:10.608 Disk 0 Vendor: STM3500418AS CC38 Size: 476940MB BusType: 3
22:38:10.608 Disk 0 MBR read successfully
22:38:10.624 Disk 0 MBR scan
22:38:10.640 Disk 0 unknown MBR code
22:38:10.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 100 MB offset 2048
22:38:10.671 Disk 0 Partition 2 00 07 HPFS/NTFS 476838 MB offset 206848
22:38:10.686 Disk 0 scanning C:\Windows\system32\drivers
22:38:10.702 Service scanning
22:38:45.724 Modules scanning
22:38:45.740 Disk 0 trace - called modules:
22:38:45.755 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80043c92c0]<<spdt.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:38:45.755 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800465b060]
22:38:45.771 3 CLASSPNP.SYS[fffff88001bc643f] -> nt!IofCallDriver -> [0xfffffa800463d580]
22:38:45.786 5 ACPI.sys[fffff880010437a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004635060]
22:38:45.802 \Driver\atapi[0xfffffa800445be70] -> IRP_MJ_CREATE -> 0xfffffa80043c92c0
22:38:48.657 AVAST engine scan C:\Windows
22:38:48.672 AVAST engine scan C:\Windows\system32
22:38:48.688 AVAST engine scan C:\Windows\system32\drivers
22:38:48.704 AVAST engine scan C:\Users\****
22:38:48.735 AVAST engine scan C:\ProgramData
22:38:48.750 Scan finished successfully
22:39:13.960 Disk 0 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
22:39:13.960 The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR2.txt"

---

Can anyone help me? Is a rootkit hiding on the computer?

edit: I also ran a current OTL quick scan. Here is the log:

Code:
OTL logfile created on: 17.12.2012 23:03:53 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 71,29% Memory free
7,50 Gb Paging File | 6,17 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 6,25 Gb Free Space | 1,34% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.16 21:58:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.12.11 17:43:56 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 17:43:39 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 17:43:38 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.03.16 19:14:47 | 001,415,632 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.06.24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2006.01.10 09:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.02.03 05:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.12 14:19:10 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.11 20:18:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.11 17:43:56 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 17:43:39 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.07 19:21:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.02 12:27:36 | 000,324,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.11 17:44:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 17:44:02 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.14 01:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011.02.14 01:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011.02.14 01:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.04 20:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.05 16:36:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.08 12:52:24 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.04.08 12:52:24 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.03 05:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.02.03 05:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.03 04:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.24 11:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 15:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.14 02:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.05.05 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 41 77 20 DA DB CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=EAC&o=102388&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=QE&apn_dtid=&apn_uid=933E722D-05F3-45CE-8945-9F030576B5B7&apn_sauid=4707CA0A-B9FD-4DBF-BDDC-8C3780262386
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=de_DE&apn_uid=933E722D-05F3-45CE-8945-9F030576B5B7&apn_ptnrs=QE&apn_sauid=4707CA0A-B9FD-4DBF-BDDC-8C3780262386&apn_dtid=&q="
FF - prefs.js..network.proxy.http: "41.89.211.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "85.131.163.219"
FF - prefs.js..network.proxy.socks_port: 3128
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\****\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.03 14:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M]
 
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.16 13:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\06h5jpt2.default\extensions
[2012.12.16 13:03:57 | 000,689,618 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
[2012.11.24 11:22:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.15 09:33:25 | 000,002,387 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\searchplugins\askcom.xml
[2012.12.07 19:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 19:21:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.29 12:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll
[2012.02.14 10:33:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 20:50:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 10:33:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 10:33:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 10:33:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 10:33:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3209BDA-3FD1-4A19-9A87-D77FDBC87E0B}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b57dd28-585c-11df-bdb7-90e6ba0759c7}\Shell - "" = AutoRun
O33 - MountPoints2\{6b57dd28-585c-11df-bdb7-90e6ba0759c7}\Shell\AutoRun\command - "" = E:\autorun_setup.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.17 22:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2012.12.17 11:38:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.12.17 11:29:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.12.16 21:58:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.12.16 21:54:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.16 20:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.16 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.16 20:42:52 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.12.16 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.12.16 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs
[2012.12.16 20:39:50 | 055,454,464 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\****\Desktop\SpybotSD2_2.0.12.exe
[2012.12.16 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.16 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.16 20:28:30 | 004,077,368 | ---- | C] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe
[2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.12.16 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Wireshark
[2012.12.16 19:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.12.16 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.12.16 19:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.12.16 19:29:03 | 026,641,872 | ---- | C] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe
[2012.12.14 12:47:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\musik
[2012.12.07 19:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Apple Computer
[2012.12.03 14:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.12.03 14:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.03 14:15:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple
[2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.11.24 13:47:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\To the Moon - Freebird Games
[2012.11.18 11:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.11.07 11:22:48 | 005,082,084 | ---- | C] (The Public) -- C:\Users\****\AppData\Roaming\Avisynth.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.17 22:56:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.17 22:39:13 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat
[2012.12.17 22:37:30 | 000,013,767 | ---- | M] () -- C:\Users\****\Desktop\Unbenannt 1.odt
[2012.12.17 22:18:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2012.12.17 22:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.17 22:12:22 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\0srsw8jz.exe
[2012.12.17 21:16:19 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 21:16:19 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.17 21:15:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.17 21:15:34 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.17 21:15:34 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.17 21:15:34 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.17 21:15:34 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 21:09:14 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.17 21:08:44 | 000,303,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.17 21:08:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.17 21:08:18 | 3019,227,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.16 22:02:17 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2012.12.16 21:58:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.12.16 20:42:57 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.16 20:42:06 | 055,454,464 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\****\Desktop\SpybotSD2_2.0.12.exe
[2012.12.16 20:28:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 20:28:38 | 004,077,368 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe
[2012.12.16 19:51:16 | 000,002,971 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2012.12.16 19:50:20 | 001,402,880 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.msi
[2012.12.16 19:30:27 | 026,641,872 | ---- | M] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe
[2012.12.14 14:13:19 | 000,024,321 | ---- | M] () -- C:\Users\****\Desktop\top10_2011.odt
[2012.12.14 12:11:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 21:58:43 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 17:44:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.11 17:44:02 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.09 19:03:39 | 000,024,610 | ---- | M] () -- C:\Users\****\Desktop\OpenDocument Text (neu).odt
[2012.12.07 19:24:56 | 000,006,437 | ---- | M] () -- C:\Users\****\Desktop\parada.(4618777).nfo
[2012.11.30 11:03:25 | 057,611,821 | ---- | M] () -- C:\Users\****\Desktop\20121124-1700.mp3
[2012.11.18 11:48:40 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.17 22:37:27 | 000,013,767 | ---- | C] () -- C:\Users\****\Desktop\Unbenannt 1.odt
[2012.12.17 22:25:43 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat
[2012.12.17 22:12:18 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\0srsw8jz.exe
[2012.12.16 22:02:12 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2012.12.16 20:42:57 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.16 20:42:57 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.16 20:28:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 19:51:16 | 000,002,971 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2012.12.16 19:50:17 | 001,402,880 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.msi
[2012.12.16 19:32:03 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.12.14 12:11:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.07 19:25:16 | 000,006,437 | ---- | C] () -- C:\Users\****\Desktop\parada.(4618777).nfo
[2012.12.03 14:15:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.30 10:44:02 | 057,611,821 | ---- | C] () -- C:\Users\****\Desktop\20121124-1700.mp3
[2012.11.18 11:48:40 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.11.07 11:24:03 | 000,034,936 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2011.11.07 11:23:08 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\****\AppData\Roaming\AvsP.exe
[2011.08.11 16:32:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.08.11 16:32:43 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.05.14 12:34:07 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.05.14 12:34:07 | 000,002,315 | ---- | C] () -- C:\Windows\unins000.dat
[2010.06.23 18:09:40 | 000,002,049 | ---- | C] () -- C:\Users\****\.recently-used.xbel
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.04.23 12:56:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ASCOMP Software
[2010.05.05 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Big Fish Games
[2011.07.31 21:39:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\calibre
[2010.04.19 06:58:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2010.05.05 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.06.08 14:13:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations
[2011.11.05 16:47:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EAC
[2012.03.08 13:29:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2010.03.16 19:04:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Exodus
[2012.12.17 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\foobar2000
[2010.06.23 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2010.05.26 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Jubler
[2012.02.01 13:50:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice
[2011.01.25 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LucasArts
[2010.06.08 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF
[2010.03.16 20:11:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2010.11.11 13:43:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PixelPlanet
[2010.12.01 18:10:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDISC
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2012.11.24 14:38:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\To the Moon - Freebird Games
[2010.03.20 17:56:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrueCrypt
[2012.03.24 22:26:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2012.12.16 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Wireshark
[2012.12.17 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\X-Chat 2
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48C30809

< End of report >
         

Edited by s_V (17.12.2012 at 22:22)

Alt 20.12.2012, 16:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
Spybot found and removed 191 threats
Where are the logs for that, please? Please note => http://www.trojaner-board.de/125889-...tml#post941520

Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

Alt 21.12.2012, 16:24   #3
s_V

Hello cosinus,

thanks for the reply.

Code:
ATTFilter
Search results from Spybot - Search & Destroy

16.12.2012 21:13:02
Scan took 00:28:56.
250 items found.

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\31.7.62.214\com.jeroenwijering.sol
  Properties.size=71
  Properties.md5=6258C02849F8169B7C5EC203419BCB8B
  Properties.filedate=1336225867
  Properties.filedatetext=2012-05-05 14:51:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\46.19.143.122\com.jeroenwijering.sol
  Properties.size=71
  Properties.md5=D4479DE6DC868A49A812BE8AF0ED4715
  Properties.filedate=1351020617
  Properties.filedatetext=2012-10-23 20:30:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\com.conviva.livePass.sol
  Properties.size=123
  Properties.md5=25F1D586DA5E3F0FF914C40D863EF331
  Properties.filedate=1348059839
  Properties.filedatetext=2012-09-19 14:03:59

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\neighborLoadingStart.sol
  Properties.size=54
  Properties.md5=93ACA674E318D469B4569E6AAC823EC3
  Properties.filedate=1348059838
  Properties.filedatetext=2012-09-19 14:03:58

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.vimeocdn.com\com.conviva.livePass.sol
  Properties.size=220
  Properties.md5=603BAAF76F3F3BF98880BB79C7D6B840
  Properties.filedate=1353686615
  Properties.filedatetext=2012-11-23 17:03:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\analytics.sol
  Properties.size=511
  Properties.md5=93391EF66F08C68A4F7279143ED8E50A
  Properties.filedate=1355330843
  Properties.filedatetext=2012-12-12 17:47:23

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\admin.brightcove.com\analytics.sol
  Properties.size=442
  Properties.md5=E9563B8FFCBE0163F1A5446038426A86
  Properties.filedate=1353164027
  Properties.filedatetext=2012-11-17 15:53:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\api.zippyshare.com\zippyShare.sol
  Properties.size=55
  Properties.md5=8193498F9F019CE2E1BE98771F97B4AE
  Properties.filedate=1351343758
  Properties.filedatetext=2012-10-27 14:15:58

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\assets.mixpod.com\com.quantserve.sol
  Properties.size=72
  Properties.md5=1588690F02E743BB5FABEF1493DB76CB
  Properties.filedate=1331070008
  Properties.filedatetext=2012-03-06 22:40:07

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.reverbnation.com\com.reverbnation.prowidgets.player.sol
  Properties.size=266
  Properties.md5=F3EC2E6D01E36C6518B5C17E1CAFD6C6
  Properties.filedate=1317400337
  Properties.filedatetext=2011-09-30 17:32:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.spreadshirt.net\sprd_c7_264433.sol
  Properties.size=583
  Properties.md5=8CE1B256BA5E9C1B37C54CCDE7C4606B
  Properties.filedate=1352926803
  Properties.filedatetext=2012-11-14 22:00:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\analytics.sol
  Properties.size=445
  Properties.md5=83817D99BE3E5AF93F61CF943DA1167E
  Properties.filedate=1355682126
  Properties.filedatetext=2012-12-16 19:22:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.complexmedianetwork.com\analytics.sol
  Properties.size=419
  Properties.md5=00CCED78B490B4CC0F74889FFBF567EE
  Properties.filedate=1351532241
  Properties.filedatetext=2012-10-29 18:37:21

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.pitchfork.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=1DEBD11D564E9E85DAA76EB2061B9653
  Properties.filedate=1324224965
  Properties.filedatetext=2011-12-18 17:16:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\com.quantserve.sol
  Properties.size=72
  Properties.md5=9CBE44BF89F82BD4F0FD38560B33BF59
  Properties.filedate=1327952873
  Properties.filedatetext=2012-01-30 20:47:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\configData.sol
  Properties.size=313
  Properties.md5=5AB617056C97420BFAA7723DABAA3775
  Properties.filedate=1318199798
  Properties.filedatetext=2011-10-09 23:36:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\sessionData.sol
  Properties.size=137
  Properties.md5=2CE7914FE3283F6EAEA427779E9F0BB8
  Properties.filedate=1343587292
  Properties.filedatetext=2012-07-29 19:41:31

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\userData.sol
  Properties.size=97
  Properties.md5=1B21E89E47E7EA5BE4A485493BB35EC3
  Properties.filedate=1343589222
  Properties.filedatetext=2012-07-29 20:13:41

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.widgetserver.com\wbx_cookie.sol
  Properties.size=42
  Properties.md5=FA4F785C85DE06B7A58A9DAFE4FBC134
  Properties.filedate=1326401886
  Properties.filedatetext=2012-01-12 21:58:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ch.mediaplanet.streamingbolaget.se\analytics.sol
  Properties.size=450
  Properties.md5=3CEFA015A07DB93ABA0512663ACC4511
  Properties.filedate=1316797531
  Properties.filedatetext=2011-09-23 18:05:31

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\fixed_id.sol
  Properties.size=54
  Properties.md5=53471B287DEA80178697F0518026FB87
  Properties.filedate=1323617971
  Properties.filedatetext=2011-12-11 16:39:30

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\mini_login.sol
  Properties.size=48
  Properties.md5=24D469038E947632F5BA50468F0384C0
  Properties.filedate=1332010829
  Properties.filedatetext=2012-03-17 20:00:28

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\core.mochibot.com\com.mochibot.sol
  Properties.size=105
  Properties.md5=9E6FFE8897AC244F9FE650746BCC2876
  Properties.filedate=1325154662
  Properties.filedatetext=2011-12-29 11:31:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\analytics.sol
  Properties.size=442
  Properties.md5=70885F797C6AF34F57610528455B7828
  Properties.filedate=1334401844
  Properties.filedatetext=2012-04-14 12:10:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=C2E7D33B00591C23E877776C9FE882F2
  Properties.filedate=1334401087
  Properties.filedatetext=2012-04-14 11:58:07

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\download.liveweb.arte.tv\arteLiveWebVolume.sol
  Properties.size=56
  Properties.md5=D50306567A6B9A9A4586E8BD94ADF5F4
  Properties.filedate=1336168268
  Properties.filedatetext=2012-05-04 22:51:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\edge.liveleak.com\com.jeroenwijering.sol
  Properties.size=61
  Properties.md5=0092E422110FC214D072D65DCED601A7
  Properties.filedate=1334084808
  Properties.filedatetext=2012-04-10 20:06:48

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\effectivemeasure.net\EM_APP.sol
  Properties.size=100
  Properties.md5=893122AD53BD1E5666B79B5A40808E5C
  Properties.filedate=1349426439
  Properties.filedatetext=2012-10-05 09:40:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\einestages.spiegel.de\BandwidthCache.sol
  Properties.size=70
  Properties.md5=7D858C59030AD0EF1DD9DE82EBDC5F7A
  Properties.filedate=1340630976
  Properties.filedatetext=2012-06-25 14:29:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\com.jeroenwijerin.players.sol
  Properties.size=65
  Properties.md5=CBB704DB2110BD6069FDEC5D5EEC853D
  Properties.filedate=1318502991
  Properties.filedatetext=2011-10-13 11:49:51

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\files.leton.tv\com.jeroenwijering.sol
  Properties.size=61
  Properties.md5=CE8D542110281FF64046460C0D099227
  Properties.filedate=1332001191
  Properties.filedatetext=2012-03-17 17:19:51

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\franznicolay.com\sound.sol
  Properties.size=167
  Properties.md5=E348A76FF987CCD2B16EFAEBE1D29A44
  Properties.filedate=1346605830
  Properties.filedatetext=2012-09-02 18:10:30

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\freebirdgames.com\com.jeroenwijering.sol
  Properties.size=57
  Properties.md5=1366968615D695A3BF4DE88D6D613497
  Properties.filedate=1348507321
  Properties.filedatetext=2012-09-24 18:22:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\g-ecx.images-amazon.com\AlbumSampler.sol
  Properties.size=52
  Properties.md5=2BDD87C44F54C3BB84B60B16E0903D32
  Properties.filedate=1320258962
  Properties.filedatetext=2011-11-02 19:36:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\gp1.wac.edgecastcdn.net\com.reverbnation.prowidgets.player.sol
  Properties.size=265
  Properties.md5=8A853703643FE0F81F23FEB976C18E58
  Properties.filedate=1341516011
  Properties.filedatetext=2012-07-05 20:20:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ia.media-imdb.com\IMDBTEST.sol
  Properties.size=63
  Properties.md5=6E61C04D24E93354486B4943E2F22261
  Properties.filedate=1355506544
  Properties.filedatetext=2012-12-14 18:35:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images-na.ssl-images-amazon.com\mercury.sol
  Properties.size=69
  Properties.md5=182E729E43AB00E4E416214CC328EAC9
  Properties.filedate=1320260482
  Properties.filedatetext=2011-11-02 20:01:21

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images.allocine.fr\AcV_Config.sol
  Properties.size=64
  Properties.md5=AFD7FF1D5676FF4F952C92C4CA2CF9D9
  Properties.filedate=1342108277
  Properties.filedatetext=2012-07-12 16:51:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\img.ofdb.de\analytics.sol
  Properties.size=419
  Properties.md5=619FB94A89ABE79B13D721D319D6F47A
  Properties.filedate=1354561551
  Properties.filedatetext=2012-12-03 20:05:51

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\inwmedia.net\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=CA07D7C3078773C3D5671BFDA2EE8BCF
  Properties.filedate=1346671987
  Properties.filedatetext=2012-09-03 12:33:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is3.myvideo.de\com.conviva.livePass.sol
  Properties.size=224
  Properties.md5=AF26F9F1BF5062C43FF8AC8CA6288504
  Properties.filedate=1352911680
  Properties.filedatetext=2012-11-14 17:47:59

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is5.myvideo.de\com.conviva.livePass.sol
  Properties.size=211
  Properties.md5=8D3BB96998EE42142224686296367221
  Properties.filedate=1351547349
  Properties.filedatetext=2012-10-29 22:49:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\kiks.yandex.ru\fuid01.sol
  Properties.size=188
  Properties.md5=81B788EE6EAA69BE2D67EE1E449EC695
  Properties.filedate=1341486895
  Properties.filedatetext=2012-07-05 12:14:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lds.megom.tv\com.jeroenwijering.sol
  Properties.size=61
  Properties.md5=DC24290810DAB55758C7217C535E9DD2
  Properties.filedate=1322924047
  Properties.filedatetext=2011-12-03 15:54:06

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\live.castamp.com\com.jeroenwijering.sol
  Properties.size=64
  Properties.md5=93F0004B2FFB6D3C609E2612B228E72B
  Properties.filedate=1322923728
  Properties.filedatetext=2011-12-03 15:48:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\localhost\FLVPlayerdata.Settings.sol
  Properties.size=315
  Properties.md5=BE7694098101C55D2967BFC734AD4F12
  Properties.filedate=1341395830
  Properties.filedatetext=2012-07-04 10:57:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\com.conviva.livePass.sol
  Properties.size=119
  Properties.md5=E3228D899E005FCBBE4C1EEC6210268C
  Properties.filedate=1323556647
  Properties.filedatetext=2011-12-10 23:37:27

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\com.mtvnservices.media.as3player.model.user.SavedPreferencesVO.sol
  Properties.size=184
  Properties.md5=3D0BDE718F64E12E8E006306C340C1BC
  Properties.filedate=1317331347
  Properties.filedatetext=2011-09-29 22:22:26

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\com.quantserve.sol
  Properties.size=72
  Properties.md5=B160130CAF70278D49264412BC219E65
  Properties.filedate=1323556647
  Properties.filedatetext=2011-12-10 23:37:27

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\MetadataHistory.sol
  Properties.size=3484
  Properties.md5=5870943D4CA193A8A30A3E13401161C7
  Properties.filedate=1347908042
  Properties.filedatetext=2012-09-17 19:54:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\OVPMetricsProvider.sol
  Properties.size=64
  Properties.md5=721858CC1ED3204FDD71832E41A5C1D3
  Properties.filedate=1347908042
  Properties.filedatetext=2012-09-17 19:54:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\playerCounter.sol
  Properties.size=294
  Properties.md5=874B0029932710FA6CB2CF5EA6D6680F
  Properties.filedate=1347908033
  Properties.filedatetext=2012-09-17 19:53:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\userPrefs4.sol
  Properties.size=327
  Properties.md5=9928E60891B4EBBD3BC05ACBA2910CEA
  Properties.filedate=1347908042
  Properties.filedatetext=2012-09-17 19:54:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media1.break.com\break.com.sol
  Properties.size=60
  Properties.md5=A95011595DA284346E6F9CBA4ABD25C5
  Properties.filedate=1322136143
  Properties.filedatetext=2011-11-24 13:02:22

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\com.mochiads.sol
  Properties.size=88
  Properties.md5=34FD2743BD723E6A0DAFF75073CE08E8
  Properties.filedate=1327511137
  Properties.filedatetext=2012-01-25 18:05:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\services.mochiads.com.sol
  Properties.size=313
  Properties.md5=09EC360AAC6EBCE5D32CF7DBE680B5A4
  Properties.filedate=1327511138
  Properties.filedatetext=2012-01-25 18:05:38

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\omnitureSampleId.sol
  Properties.size=55
  Properties.md5=E4D5A6AC6C61D567DA27128897CB74C7
  Properties.filedate=1330291236
  Properties.filedatetext=2012-02-26 22:20:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\playerV2.sol
  Properties.size=47
  Properties.md5=F866CD0B1EF3FD3DF1141E1F9DB1B571
  Properties.filedate=1330291246
  Properties.filedatetext=2012-02-26 22:20:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\s_br.sol
  Properties.size=35
  Properties.md5=760FCA2DC2B18E30543493B04290322A
  Properties.filedate=1330291237
  Properties.filedatetext=2012-02-26 22:20:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\varo_varoDefault.sol
  Properties.size=71
  Properties.md5=87EF178F39EDB80D57FA418D57CE93DF
  Properties.filedate=1330291237
  Properties.filedatetext=2012-02-26 22:20:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\nimg.joyclub.de\fupvid.sol
  Properties.size=67
  Properties.md5=60E0E61EE4218E29AF6B4D106CFBF26C
  Properties.filedate=1331333236
  Properties.filedatetext=2012-03-09 23:47:15

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\p1.soundcloud.com\analytics.sol
  Properties.size=490
  Properties.md5=D2161BD96A0D4E1E8796329BD91B57A1
  Properties.filedate=1355433129
  Properties.filedatetext=2012-12-13 22:12:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\play.sawlive.tv\com.jeroenwijering.sol
  Properties.size=61
  Properties.md5=97F9869DF2E41C65B77E9DFC5F6B8ECC
  Properties.filedate=1332012009
  Properties.filedatetext=2012-03-17 20:20:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\auth.sol
  Properties.size=70
  Properties.md5=415793D0ED99FF6C7BC441C81EB067B7
  Properties.filedate=1324047960
  Properties.filedatetext=2011-12-16 16:06:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\auth2.sol
  Properties.size=152
  Properties.md5=38E895BB005F09E557B3775D249C5655
  Properties.filedate=1324050129
  Properties.filedatetext=2011-12-16 16:42:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\perf.sol
  Properties.size=125
  Properties.md5=1846AF8D18549099D176B7952BC31D80
  Properties.filedate=1324050070
  Properties.filedatetext=2011-12-16 16:41:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\pub.widgetbox.com\wbx_cookie.sol
  Properties.size=42
  Properties.md5=FA4F785C85DE06B7A58A9DAFE4FBC134
  Properties.filedate=1326401895
  Properties.filedatetext=2012-01-12 21:58:15

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\reverbnation.com\com.quantserve.sol
  Properties.size=73
  Properties.md5=1F20979ACE4021197CE0AA744FED6265
  Properties.filedate=1351809877
  Properties.filedatetext=2012-11-01 23:44:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\reverbnation.com\ReverbNationAllowSpace.sol
  Properties.size=72
  Properties.md5=619022739B3626091BE5647F5B902170
  Properties.filedate=1322927460
  Properties.filedatetext=2011-12-03 16:50:59

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s-static.ak.fbcdn.net\www.myspace.com.sol
  Properties.size=85
  Properties.md5=D9DD9D9E757300DB5BAC82D03E52053E
  Properties.filedate=1325241491
  Properties.filedatetext=2011-12-30 11:38:11

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.mcstatic.com\analytics.sol
  Properties.size=563
  Properties.md5=B98DFC63276D3D8CBB92B3FBB53E7D48
  Properties.filedate=1335132348
  Properties.filedatetext=2012-04-22 23:05:48

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.mcstatic.com\vpPrefs.sol
  Properties.size=40
  Properties.md5=0F551541154188563496B48BF16BA8AB
  Properties.filedate=1335132087
  Properties.filedatetext=2012-04-22 23:01:27

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\restore.sol
  Properties.size=62
  Properties.md5=FD7C8DD87D962EA1D7A45D4A0C46C52C
  Properties.filedate=1355504599
  Properties.filedatetext=2012-12-14 18:03:18

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\soundData.sol
  Properties.size=80
  Properties.md5=2004A09C24D7EF04FF2F3FDE9332594F
  Properties.filedate=1355688043
  Properties.filedatetext=2012-12-16 21:00:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\subtitlesModuleData.sol
  Properties.size=180
  Properties.md5=6B908CDF537928A266784CE9A038AE65
  Properties.filedate=1331407479
  Properties.filedatetext=2012-03-10 20:24:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\videostats.sol
  Properties.size=275
  Properties.md5=ED193D8F573A733B143CF523AD58FFFC
  Properties.filedate=1355688166
  Properties.filedatetext=2012-12-16 21:02:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\_ggCvar.sol
  Properties.size=72
  Properties.md5=F7579149B88F955582FCA9AD872E23E4
  Properties.filedate=1329493964
  Properties.filedatetext=2012-02-17 16:52:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\_ggCvar_temp.sol
  Properties.size=77
  Properties.md5=C249B04FBE2B7DE9C3FE7E3C8AAF8DDE
  Properties.filedate=1329493964
  Properties.filedatetext=2012-02-17 16:52:44

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\_ggMCvar_1.sol
  Properties.size=183
  Properties.md5=516B9B9716BAAC22485CEA8660994AE1
  Properties.filedate=1329493974
  Properties.filedatetext=2012-02-17 16:52:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\_ggCvar.sol
  Properties.size=74
  Properties.md5=C3B72B63BE443AE6539350A2EE25B86F
  Properties.filedate=1322136146
  Properties.filedatetext=2011-11-24 13:02:25

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\_ggCvar_temp.sol
  Properties.size=79
  Properties.md5=ECA03D04D5D5AAC911E5F4B255EABE86
  Properties.filedate=1322136146
  Properties.filedatetext=2011-11-24 13:02:25

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\_ggMCvar_1.sol
  Properties.size=74
  Properties.md5=F1E605F2631186755D09DC6D23F91067
  Properties.filedate=1328123615
  Properties.filedatetext=2012-02-01 20:13:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secureinclude.ebaystatic.com\ebayLSO.sol
  Properties.size=131
  Properties.md5=66A38848242B51077AC8660837AD48A7
  Properties.filedate=1322060949
  Properties.filedatetext=2011-11-23 16:09:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secureinclude.ebaystatic.com\ebayT.sol
  Properties.size=39
  Properties.md5=B43F43445AA3414DDC22EC80FBB22871
  Properties.filedate=1322060949
  Properties.filedatetext=2011-11-23 16:09:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ssl.hurra.com\restore.hurra.com.sol
  Properties.size=178
  Properties.md5=67D4410AB35B8F7DE8CA5392400C3B4E
  Properties.filedate=1347907029
  Properties.filedatetext=2012-09-17 19:37:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static-cdn1.ustream.tv\com.conviva.livePass.sol
  Properties.size=220
  Properties.md5=048754E44EDAA54022AB367EE94F7C33
  Properties.filedate=1341395033
  Properties.filedatetext=2012-07-04 10:43:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static-cdn1.ustream.tv\flash.viewer.sol
  Properties.size=14834
  Properties.md5=ED04AD17C971754885F03B87E0F95F02
  Properties.filedate=1341395028
  Properties.filedatetext=2012-07-04 10:43:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.castalba.tv\com.jeroenwijering.sol
  Properties.size=71
  Properties.md5=4DE84B8C06728A110FB5F888383605BA
  Properties.filedate=1348684136
  Properties.filedatetext=2012-09-26 19:28:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.issuu.com\analytics.sol
  Properties.size=419
  Properties.md5=171E21EBDFAFFD06E1159FF628E37182
  Properties.filedate=1353241037
  Properties.filedatetext=2012-11-18 13:17:16

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.issuu.com\com.quantserve.sol
  Properties.size=72
  Properties.md5=8E58A22D0AC1C19B6D7A5E1AD2043082
  Properties.filedate=1319116244
  Properties.filedatetext=2011-10-20 14:10:43

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.vipi.tv\com.jeroenwijering.sol
  Properties.size=61
  Properties.md5=92E85CEA0E6B96BB41248A647E0EA9F2
  Properties.filedate=1334084750
  Properties.filedatetext=2012-04-10 20:05:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.wix.com\WixComputerID.sol
  Properties.size=153
  Properties.md5=BB9F92B9E2067110E8EB5E2F500E063D
  Properties.filedate=1319217016
  Properties.filedatetext=2011-10-21 18:10:15

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.youku.com\YOUKU_FSO_PROXY.sol
  Properties.size=4850
  Properties.md5=A37E265DC8F02DC71356CF89624334EE
  Properties.filedate=1335642019
  Properties.filedatetext=2012-04-28 20:40:18

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static1.4players.de\analytics.sol
  Properties.size=419
  Properties.md5=6E634EB2769B29CF0DF5DC99D3FC819B
  Properties.filedate=1353273114
  Properties.filedatetext=2012-11-18 22:11:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static1.dmcdn.net\com.dm.player.sol
  Properties.size=207
  Properties.md5=611E7DB2EE2F9B0021B97EDFE9476A7F
  Properties.filedate=1351167596
  Properties.filedatetext=2012-10-25 13:19:56

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static2.4players.de\analytics.sol
  Properties.size=419
  Properties.md5=69AAF2E9B7A3920C5702C555AE2D3732
  Properties.filedate=1353357919
  Properties.filedatetext=2012-11-19 21:45:18

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static2.4players.de\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=55EC6844BFD8A93E673A801E8D0FD254
  Properties.filedate=1348688812
  Properties.filedatetext=2012-09-26 20:46:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\streami.tv\analytics.sol
  Properties.size=452
  Properties.md5=EF63C8580DA4F6B03D330BF110A267C3
  Properties.filedate=1351020473
  Properties.filedatetext=2012-10-23 20:27:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video.google.com\videostats.sol
  Properties.size=85
  Properties.md5=9D4A3744D3C9FA89B62EA6DD1F72D845
  Properties.filedate=1335131410
  Properties.filedatetext=2012-04-22 22:50:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video3.hidemyass.com\com.jeroenwijering.sol
  Properties.size=50
  Properties.md5=568E8E9B9C9FD7B473D201BD0638FBFB
  Properties.filedate=1322058853
  Properties.filedatetext=2011-11-23 15:34:12

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\village-plingaplay.s3.amazonaws.com\de-DE_netlog_psgn16191599_zoomlevel_key.sol
  Properties.size=104
  Properties.md5=53D964AA88B2851C2CAF80518337C0F3
  Properties.filedate=1355089240
  Properties.filedatetext=2012-12-09 22:40:40

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\village-plingaplay.s3.amazonaws.com\TestFile.sol
  Properties.size=39
  Properties.md5=D95A82B4AF2AAFE46A5DFB646FC06163
  Properties.filedate=1355089239
  Properties.filedatetext=2012-12-09 22:40:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\web.de\PF_LSOConnector.sol
  Properties.size=56
  Properties.md5=4B3D38B315AC41D53E60BD5E08B0982F
  Properties.filedate=1325350913
  Properties.filedatetext=2011-12-31 18:01:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.007stream.com\com.jeroenwijering.sol
  Properties.size=71
  Properties.md5=0CFE195CC7A24AA0F642917B3B275D06
  Properties.filedate=1329673398
  Properties.filedatetext=2012-02-19 18:43:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.arte.tv\analytics.sol
  Properties.size=419
  Properties.md5=4EAB06AC8548515DC07BEFBDB0A54BC2
  Properties.filedate=1327703054
  Properties.filedatetext=2012-01-27 23:24:13

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.bangbus.com\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=EBFF76DC12D4C60772D2847D3E066287
  Properties.filedate=1338990578
  Properties.filedatetext=2012-06-06 14:49:37

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.channel4.com\channel4.com.sol
  Properties.size=61
  Properties.md5=72D101440569CF496F75DF3EC2DF394C
  Properties.filedate=1329493962
  Properties.filedatetext=2012-02-17 16:52:41

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.chilloutzone.net\analytics.sol
  Properties.size=419
  Properties.md5=1EBE59C39534A9A1FFBA08E0D1EBE0DD
  Properties.filedate=1346925617
  Properties.filedatetext=2012-09-06 11:00:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.chilloutzone.net\chill.videoplayer.models.UserSettingsModel.sol
  Properties.size=104
  Properties.md5=2B1FEC2179E543486E12BDA77A054B2C
  Properties.filedate=1346925617
  Properties.filedatetext=2012-09-06 11:00:17

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.do1.tv\com.jeroenwijering.sol
  Properties.size=71
  Properties.md5=F19CF249E1C2D95B7AD8B47F5FC41488
  Properties.filedate=1337550951
  Properties.filedatetext=2012-05-20 22:55:50

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.hardwareclips.com\analytics.sol
  Properties.size=473
  Properties.md5=E13F85A86A32D1DEE2C035FA20BDE382
  Properties.filedate=1352153271
  Properties.filedatetext=2012-11-05 23:07:50

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.hofer.at\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=300A0DDA65C00B91A04A5FC74870E05D
  Properties.filedate=1326485639
  Properties.filedatetext=2012-01-13 21:13:59

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.launchlive.tv\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=0E08BDC0843A2D3F0B261A8BF95EBEFB
  Properties.filedate=1343848654
  Properties.filedatetext=2012-08-01 20:17:34

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.mixcloud.com\analytics.sol
  Properties.size=456
  Properties.md5=178F01BF672DFFA3A24BBACA50E5D2CC
  Properties.filedate=1355330772
  Properties.filedatetext=2012-12-12 17:46:11

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.ofdb.de\analytics.sol
  Properties.size=442
  Properties.md5=9E606288F0E23B9A7F222A5A40AFA861
  Properties.filedate=1354561551
  Properties.filedatetext=2012-12-03 20:05:51

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\IxoSO.sol
  Properties.size=38
  Properties.md5=4C00D8274E240534CEF5895C4FC413B6
  Properties.filedate=1323709912
  Properties.filedatetext=2011-12-12 18:11:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\paypalLSO.sol
  Properties.size=111
  Properties.md5=9783FC84E945348F84269B891511E87F
  Properties.filedate=1323709912
  Properties.filedatetext=2011-12-12 18:11:52

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\ppLsoTest.sol
  Properties.size=48
  Properties.md5=74EE4375686A2069414EEF13E7B62789
  Properties.filedate=1322061072
  Properties.filedatetext=2011-11-23 16:11:12

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.playlist.com\ppl6.sol
  Properties.size=245
  Properties.md5=D274AF49725AEC522DD83461E6C80852
  Properties.filedate=1325009224
  Properties.filedatetext=2011-12-27 19:07:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.plimus.com\plimus_user_data.sol
  Properties.size=53
  Properties.md5=EFF98F98688F7CA88E590DBF98B9B73B
  Properties.filedate=1348507374
  Properties.filedatetext=2012-09-24 18:22:54

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\acudeoSession.sol
  Properties.size=121
  Properties.md5=1BB0E440942A955E45A98F070DF99BFF
  Properties.filedate=1325103542
  Properties.filedatetext=2011-12-28 21:19:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\com.quantserve.sol
  Properties.size=72
  Properties.md5=B58FA731D4DC7D6B2423744AB62A6BAD
  Properties.filedate=1325100611
  Properties.filedatetext=2011-12-28 20:30:10

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\SS_ARE_Override.sol
  Properties.size=57
  Properties.md5=26FD3BC015241B0A5DF955E7606041FF
  Properties.filedate=1325100608
  Properties.filedatetext=2011-12-28 20:30:07

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.sadistic.pl\com.jeroenwijering.sol
  Properties.size=54
  Properties.md5=192A0A9819728FD0A252C6DA94602762
  Properties.filedate=1350576986
  Properties.filedatetext=2012-10-18 17:16:25

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.spiegel.de\BandwidthCache.sol
  Properties.size=70
  Properties.md5=B755828078A2A8BE3925DD98C0AED48E
  Properties.filedate=1355567561
  Properties.filedatetext=2012-12-15 11:32:41

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.spiegel.de\spon_fussball.sol
  Properties.size=50
  Properties.md5=D9C34BF5E48714B1D6FA07A8909D1B71
  Properties.filedate=1319390944
  Properties.filedatetext=2011-10-23 18:29:03

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.streamiton.tv\analytics.sol
  Properties.size=453
  Properties.md5=0F35CA32441C0960C4D32FECFF6BB460
  Properties.filedate=1336232941
  Properties.filedatetext=2012-05-05 16:49:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.streamiton.tv\com.jeroenwijering.sol
  Properties.size=71
  Properties.md5=FDE2CC0295BE56038E3560332EEEC816
  Properties.filedate=1336232940
  Properties.filedatetext=2012-05-05 16:49:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.super8-movie.com\analytics.sol
  Properties.size=436
  Properties.md5=EB78BAC2707B408AD0B89D20DFA8A874
  Properties.filedate=1321452383
  Properties.filedatetext=2011-11-16 15:06:23

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\analytics.sol
  Properties.size=526
  Properties.md5=78086EAEBA126F5838817499EBA9F4E6
  Properties.filedate=1348577382
  Properties.filedatetext=2012-09-25 13:49:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\OVPMetricsProvider.sol
  Properties.size=64
  Properties.md5=1BC17E9100EA5085F971F006A7EDC38A
  Properties.filedate=1339239042
  Properties.filedatetext=2012-06-09 11:50:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.vuvox.com\analytics.sol
  Properties.size=419
  Properties.md5=678F3B2234C1854B05AE666943A24989
  Properties.filedate=1341501068
  Properties.filedatetext=2012-07-05 16:11:08

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.zdf.de\com.conviva.livePass.sol
  Properties.size=229
  Properties.md5=EB88D900E68513D2B0CDD10C4B7217C1
  Properties.filedate=1353586757
  Properties.filedatetext=2012-11-22 13:19:16

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\megaservicesuser.sol
  Properties.size=113
  Properties.md5=3F283A71DB5125EF8E17F762AB12F6B8
  Properties.filedate=1326181830
  Properties.filedatetext=2012-01-10 08:50:29

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\megavideoads.sol
  Properties.size=42
  Properties.md5=CB994F6C1994CD4AABDA68907E4E695B
  Properties.filedate=1326124695
  Properties.filedatetext=2012-01-09 16:58:15

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\megavideouser.sol
  Properties.size=83
  Properties.md5=5C07525AF4634571E4FB57035215DFE9
  Properties.filedate=1320790320
  Properties.filedatetext=2011-11-08 23:12:00

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\usersettings.sol
  Properties.size=48
  Properties.md5=FBAB78203096F8D4688CBC9655315F5E
  Properties.filedate=1320786620
  Properties.filedatetext=2011-11-08 22:10:19

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\x.myspacecdn.com\SpaceMusic.sol
  Properties.size=82
  Properties.md5=5B60394A8A241AE1E26C242D1FD9BBF7
  Properties.filedate=1320165038
  Properties.filedatetext=2011-11-01 17:30:37

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\aa.online-metrix.net\fpc.swf\session.sol
  Properties.size=76
  Properties.md5=D9B26D9A0A719A6B3816B2CC09DC6345
  Properties.filedate=1329573292
  Properties.filedatetext=2012-02-18 14:54:52

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cheshire.cat.xmlrequest.info\homepage.swf\1166483_0_en.sol
  Properties.size=5832
  Properties.md5=B614F5A974F0B0EE492B8D5A6243F072
  Properties.filedate=1351020618
  Properties.filedatetext=2012-10-23 20:30:17

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\dl.edge-cdn.net\#sParkFolder\ID.sol
  Properties.size=105
  Properties.md5=D6D13A3902F167F5C9402862378765C7
  Properties.filedate=1321471230
  Properties.filedatetext=2011-11-16 20:20:30

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\videoplayer.swf\dat.sol
  Properties.size=34
  Properties.md5=9C83FB1711F7D3526B09F96667E7F030
  Properties.filedate=1354650262
  Properties.filedatetext=2012-12-04 20:44:21

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\videoplayer3.swf\dat.sol
  Properties.size=41
  Properties.md5=7AE4D08BD39421BD91447586C254E74C
  Properties.filedate=1355665067
  Properties.filedatetext=2012-12-16 14:37:47

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xembed5.swf\dat.sol
  Properties.size=41
  Properties.md5=B7F8A1A0103AC26FF7CF0415A0AB18A9
  Properties.filedate=1346428320
  Properties.filedatetext=2012-08-31 16:52:00

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer.swf\dat.sol
  Properties.size=34
  Properties.md5=9C83FB1711F7D3526B09F96667E7F030
  Properties.filedate=1319104346
  Properties.filedatetext=2011-10-20 10:52:25

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer2.swf\dat.sol
  Properties.size=34
  Properties.md5=9C83FB1711F7D3526B09F96667E7F030
  Properties.filedate=1353935816
  Properties.filedatetext=2012-11-26 14:16:56

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer3.swf\dat.sol
  Properties.size=41
  Properties.md5=E7E612969BC317B02D7CDF7EEB5A5065
  Properties.filedate=1353934824
  Properties.filedatetext=2012-11-26 14:00:24

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ftp.banners-service.info\scroller.swf\1162251_0_en.sol
  Properties.size=5537
  Properties.md5=A07EAB85B41733B8D1C99D5EF5503837
  Properties.filedate=1351020618
  Properties.filedatetext=2012-10-23 20:30:18

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\grooveshark.com\facebookWidget.swf\gsGlobal.sol
  Properties.size=102
  Properties.md5=46E15104F5A5F8C62CDBE13890F8E6A0
  Properties.filedate=1317392738
  Properties.filedatetext=2011-09-30 15:25:38

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\grooveshark.com\widget.swf\gsGlobal.sol
  Properties.size=103
  Properties.md5=3FC35B72F9C6E62EB1754160E8FC8CA1
  Properties.filedate=1322665033
  Properties.filedatetext=2011-11-30 15:57:12

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\p1.soundcloud.com\player.swf\SCPlayer.sol
  Properties.size=72
  Properties.md5=024EE16099712EED1792A9861903B8FB
  Properties.filedate=1341688379
  Properties.filedatetext=2012-07-07 20:12:58

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-126-homad.swf\sptv-shared.sol
  Properties.size=47
  Properties.md5=C910C88A2146EFDDC7932B44BB3E5AFD
  Properties.filedate=1325950072
  Properties.filedatetext=2012-01-07 16:27:52

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-165-homad.swf\sptv-shared.sol
  Properties.size=48
  Properties.md5=B99B9A94838BE3FCE4D1F0F5755EA491
  Properties.filedate=1329933531
  Properties.filedatetext=2012-02-22 18:58:50

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-191-homad.swf\sptv-shared.sol
  Properties.size=48
  Properties.md5=1DF3472C491EF825C1FF698E11A5E07B
  Properties.filedate=1335467034
  Properties.filedatetext=2012-04-26 20:03:54

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-198-homad.swf\sptv-shared.sol
  Properties.size=61
  Properties.md5=B3985DBECBF26E3DC79CB6D8834F7873
  Properties.filedate=1337266572
  Properties.filedatetext=2012-05-17 15:56:11

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-218-homad.swf\sptv-shared.sol
  Properties.size=49
  Properties.md5=5BA29E9EEB0660F7B623ED15EB72B7B6
  Properties.filedate=1346098119
  Properties.filedatetext=2012-08-27 21:08:39

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-96.swf\sptv-shared.sol
  Properties.size=47
  Properties.md5=0CEE0741B9834B881D5B92E20FBD7919
  Properties.filedate=1318517993
  Properties.filedatetext=2011-10-13 15:59:52

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\rapidgator.net\storage.swf\dp.sol
  Properties.size=107
  Properties.md5=74AA36BCFED87638A52FC7431E9341BB
  Properties.filedate=1335466815
  Properties.filedatetext=2012-04-26 20:00:15

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\track.webgains.com\wg.swf\1425.sol
  Properties.size=310
  Properties.md5=E14022A099B587F85C883CA4AEAE04CF
  Properties.filedate=1348948546
  Properties.filedatetext=2012-09-29 20:55:46

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video.google.com\googleplayer.swf\mediaPlayerUserSettings.sol
  Properties.size=94
  Properties.md5=A5B71A46809D655E111DEAE472E3BFFA
  Properties.filedate=1317064333
  Properties.filedatetext=2011-09-26 20:12:13

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.clipfish.de\videoplayer.swf\ClipfishVideoPlayer.sol
  Properties.size=78
  Properties.md5=EB9889D6828341A8F1C5E25D51479B1A
  Properties.filedate=1325341894
  Properties.filedatetext=2011-12-31 15:31:33

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\embed-20120228.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=55F4034E615132D62D0A1E3C5716D2C9
  Properties.filedate=1336215100
  Properties.filedatetext=2012-05-05 11:51:39

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\embed-20120803.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=C12BFA770EBB36F3553C6C1B9FF00391
  Properties.filedate=1348577245
  Properties.filedatetext=2012-09-25 13:47:24

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20111219.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=C12BFA770EBB36F3553C6C1B9FF00391
  Properties.filedate=1326040481
  Properties.filedatetext=2012-01-08 17:34:40

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120118.swf\tapeTvSound.sol
  Properties.size=56
  Properties.md5=80C00E3289BF30AB9BBF7AFFB1545308
  Properties.filedate=1329685159
  Properties.filedatetext=2012-02-19 21:59:18

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120118.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=55F4034E615132D62D0A1E3C5716D2C9
  Properties.filedate=1329684900
  Properties.filedatetext=2012-02-19 21:55:00

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120228.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=E300151CE20D5B32CD4D7F3F65DB606B
  Properties.filedate=1339238981
  Properties.filedatetext=2012-06-09 11:49:40

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.wolfgangthust.net\website.swf\volumeStatus.sol
  Properties.size=44
  Properties.md5=21EEC96950F847E2CA0A351073098CAC
  Properties.filedate=1325670230
  Properties.filedatetext=2012-01-04 10:43:50

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\swf.soundcloud.com\player.swf\SCPlayer.sol
  Properties.size=72
  Properties.md5=6C5BF01FB3DEBF9B1ADA2B4A6EAD7ED0
  Properties.filedate=1349973591
  Properties.filedatetext=2012-10-11 17:39:51

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\babystrology.com\tickers\baby-ticker-glass.swf\babyCounterState.sol
  Properties.size=62
  Properties.md5=7F144997F841EE5FE2CB70BD5BAD7416
  Properties.filedate=1321272292
  Properties.filedatetext=2011-11-14 13:04:51

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\rtl.sol
  Properties.size=35
  Properties.md5=F240BC8ED3BD00819E900DB730F278F4
  Properties.filedate=1319489595
  Properties.filedatetext=2011-10-24 21:53:15

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\userinfo6.sol
  Properties.size=51
  Properties.md5=F866E0C8D6F02E1676850739D8C36DE0
  Properties.filedate=1327389165
  Properties.filedatetext=2012-01-24 08:12:45

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\embedV2-13392.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=6B44D1F3FE34DF5BE019F0798C16AE2C
  Properties.filedate=1352317199
  Properties.filedatetext=2012-11-07 20:39:59

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\tapeAdblockerCheckC.sol
  Properties.size=68
  Properties.md5=F8A714DF40786CF5CE7BDEF79D0BF845
  Properties.filedate=1351343651
  Properties.filedatetext=2012-10-27 14:14:11

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=6B44D1F3FE34DF5BE019F0798C16AE2C
  Properties.filedate=1351343655
  Properties.filedatetext=2012-10-27 14:14:14

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\tapeAdblockerCheckC.sol
  Properties.size=68
  Properties.md5=EA89A75B93DC3C4278E523D5F13354EE
  Properties.filedate=1355666604
  Properties.filedatetext=2012-12-16 15:03:24

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\tapeTvStats.sol
  Properties.size=94
  Properties.md5=55F4034E615132D62D0A1E3C5716D2C9
  Properties.filedate=1355666634
  Properties.filedatetext=2012-12-16 15:03:54

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.livestream.com\grid\LSPlayer.swf\PlayerCookie.sol
  Properties.size=44
  Properties.md5=B6F9A54DA5326B4E5C6F86EBF2E2DA74
  Properties.filedate=1325536862
  Properties.filedatetext=2012-01-02 21:41:02

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\embed.wistia.com\flash\embed_player_v2.0.swf\settings.sol
  Properties.size=141
  Properties.md5=EFC98BCC47FA941D1E46B371219D5946
  Properties.filedate=1339447779
  Properties.filedatetext=2012-06-11 21:49:38

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\MSVideoPlayer.swf\preferences.sol
  Properties.size=160
  Properties.md5=74E3FD2180741DDB07B3C54F09EC79BB
  Properties.filedate=1333654774
  Properties.filedatetext=2012-04-05 20:39:33

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\vplayer.swf\preferences.sol
  Properties.size=153
  Properties.md5=FBAE814E469BB2B155236A0125759F2E
  Properties.filedate=1343587162
  Properties.filedatetext=2012-07-29 19:39:22

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mojnet.com\player\player_v4.swf\mojvideoPlayer.sol
  Properties.size=70
  Properties.md5=ABD8D7C0EF69E1C7EC05907530AD921A
  Properties.filedate=1325092264
  Properties.filedatetext=2011-12-28 18:11:03

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\standard.webfreetv.com\videos\derstandard.swf\webfreetv.sol
  Properties.size=45
  Properties.md5=3E789EF84ABA619335225F6DE731DFE5
  Properties.filedate=1348930180
  Properties.filedatetext=2012-09-29 15:49:39

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\streami.tv\fp\flowplayer.commercial-3.2.15.swf\org.flowplayer.sol
  Properties.size=60
  Properties.md5=9153E20A5722A50577265DCD47CA5C43
  Properties.filedate=1351019828
  Properties.filedatetext=2012-10-23 20:17:07

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\tv.sport1.de\player\sport1player10228.swf\akamaiflashplayer.sol
  Properties.size=49
  Properties.md5=B58EEB979917ADB702A5977D35861453
  Properties.filedate=1326030459
  Properties.filedatetext=2012-01-08 14:47:38

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\twitter.com\flash\twitter_badge.swf\OdeoPodcastPlayerColors.sol
  Properties.size=64
  Properties.md5=65627E809506705BDA290746E3B89EFC
  Properties.filedate=1351531442
  Properties.filedatetext=2012-10-29 18:24:02

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.divshare.com\flash\audio_embed\divShareAudioPlayer_v3.sol
  Properties.size=61
  Properties.md5=CBA7357087B27AD0B45BADB6BE95DED6
  Properties.filedate=1331410687
  Properties.filedatetext=2012-03-10 21:18:06

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.ersties.com\flowplayer\flowplayer.commercial-3.2.5.swf\org.flowplayer.sol
  Properties.size=60
  Properties.md5=180B425B659ECE264684E4F035E572BF
  Properties.filedate=1337029522
  Properties.filedatetext=2012-05-14 22:05:21

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.musicline.de\player_flash_banner\player.swf\userPrefs.sol
  Properties.size=54
  Properties.md5=0A09874BC558DC13F12F90FB3DFE49FC
  Properties.filedate=1349974087
  Properties.filedatetext=2012-10-11 17:48:06

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.trinkgut.de\handzettel\geniesser.swf\megazine3.sol
  Properties.size=76
  Properties.md5=738F8794A836559017AB904832F5063F
  Properties.filedate=1348504419
  Properties.filedatetext=2012-09-24 17:33:38

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.unsigned.com\swf\base_player_new_mp_narrow.swf\TestMovie_Config_Info.sol
  Properties.size=341
  Properties.md5=BF789E25C85AA3A0621A8C653BC448E5
  Properties.filedate=1317836690
  Properties.filedatetext=2011-10-05 18:44:49

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.youtubeunblocker.org\plugins\flowplayer-3.2.0.swf\org.flowplayer.sol
  Properties.size=60
  Properties.md5=180B425B659ECE264684E4F035E572BF
  Properties.filedate=1335133519
  Properties.filedatetext=2012-04-22 23:25:18

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
  

FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
  

Zedo: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
  

Right Media: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): ***) (Browser: Cookie, nothing done)
  

Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
  

Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
  

Statcounter: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
  

WebTrends live: [SBI $8E73A7FB] Tracking cookie (Firefox: *** (default)) (Browser: Cookie, nothing done)
  

Log: [SBI $8E73A7FB]  Install: comsetup.log (File, nothing done)
  C:\Windows\comsetup.log
  Properties.size=6167
  Properties.md5=C93454C2F19E7A4271AC99F7025F2E4A
  Properties.filedate=1268754465
  Properties.filedatetext=2010-03-16 16:47:44

Log: [SBI $8E73A7FB]  Install: Directx.log (File, nothing done)
  C:\Windows\Directx.log
  Properties.size=82751
  Properties.md5=988315F17EC67A995A397239551AEF96
  Properties.filedate=1289229850
  Properties.filedatetext=2010-11-08 16:24:10

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\Windows\setupact.log
  Properties.size=91640129
  Properties.md5=DFB4828A15E50FDAF65536C3C3E5E3EB
  Properties.filedate=1355686433
  Properties.filedatetext=2012-12-16 20:33:52

Log: [SBI $8E73A7FB]  Install: DtcInstall.log (File, nothing done)
  C:\Windows\DtcInstall.log
  Properties.size=4141
  Properties.md5=0224BE350CEA6CA4734B2278A293CE63
  Properties.filedate=1268754332
  Properties.filedatetext=2010-03-16 16:45:32

Gabest Media Player Classic: [SBI $E81D76E1] Last captured file (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Capture\FileName

Gabest Media Player Classic: [SBI $A8B11633] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent File List

Gabest Media Player Classic: [SBI $82DC324C] Recent dub list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent Dub List

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList

Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList

Windows.OpenWith: [SBI $26F7D72D] Open with list - .003 extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList

Windows.OpenWith: [SBI $EA2CE7FF] Open with list - .004 extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList

Windows.OpenWith: [SBI $C569ECB9] Open with list - .005 extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList

Windows.OpenWith: [SBI $B4A6F173] Open with list - .006 extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $9130BCC8] Open with list - .AVS extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVS\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: [SBI $F34FE1D0] Open with list - .CUE extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\ArcHistory

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: [SBI $49804B54] Browser: Cookie (130) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (1693) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (544) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (3273) (Browser: Cookie, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2012-12-16 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
         

21.12.2012, 16:29   #4
s_V

"Unusual traffic" (Google) & websites need to be reloaded repeatedly

And one more, "SDCleaner.txt". The other one was the one from the check.

Code:
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Processing: 121216-204405.xml
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: Macromedia.FlashPlayer.Cookies
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\31.7.62.214\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\46.19.143.122\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\  com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.blip.tv\  neighborLoadingStart.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a.vimeocdn.com\  com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\admin.brightcove.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\api.zippyshare.com\  zippyShare.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\assets.mixpod.com\  com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.reverbnation.com\  com.reverbnation.prowidgets.player.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cache.spreadshirt.net\  sprd_c7_264433.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.complexmedianetwork.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.pitchfork.com\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\  com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\  configData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\  sessionData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.visiblemeasures.com\  userData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.widgetserver.com\  wbx_cookie.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ch.mediaplanet.streamingbolaget.se\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\  fixed_id.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\chatango.com\  mini_login.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\core.mochibot.com\  com.mochibot.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\d2ciznq2rtdp7k.cloudfront.net\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\download.liveweb.arte.tv\  arteLiveWebVolume.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\edge.liveleak.com\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\effectivemeasure.net\  EM_APP.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\einestages.spiegel.de\  BandwidthCache.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\  com.jeroenwijerin.players.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\files.leton.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\franznicolay.com\  sound.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\freebirdgames.com\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\g-ecx.images-amazon.com\  AlbumSampler.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\gp1.wac.edgecastcdn.net\  com.reverbnation.prowidgets.player.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ia.media-imdb.com\  IMDBTEST.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images-na.ssl-images-amazon.com\  mercury.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\images.allocine.fr\  AcV_Config.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\img.ofdb.de\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\inwmedia.net\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is3.myvideo.de\  com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\is5.myvideo.de\  com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\kiks.yandex.ru\  fuid01.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lds.megom.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\live.castamp.com\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\localhost\  FLVPlayerdata.Settings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\  com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\  com.mtvnservices.media.as3player.model.user.SavedPreferencesVO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\  com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\  MetadataHistory.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\  OVPMetricsProvider.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\  playerCounter.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media.mtvnservices.com\  userPrefs4.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\media1.break.com\  break.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\  com.mochiads.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mochiads.com\  services.mochiads.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\  omnitureSampleId.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\  playerV2.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\  s_br.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\msnbcmedia.msn.com\  varo_varoDefault.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\nimg.joyclub.de\  fupvid.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\p1.soundcloud.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\play.sawlive.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\  auth.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\  auth2.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\player.ooyala.com\  perf.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\pub.widgetbox.com\  wbx_cookie.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\reverbnation.com\  com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\reverbnation.com\  ReverbNationAllowSpace.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s-static.ak.fbcdn.net\  www.myspace.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.mcstatic.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.mcstatic.com\  vpPrefs.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\  restore.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\  soundData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\  subtitlesModuleData.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\s.ytimg.com\  videostats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\  _ggCvar.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\  _ggCvar_temp.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-uk.imrworldwide.com\  _ggMCvar_1.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\  _ggCvar.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\  _ggCvar_temp.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secure-us.imrworldwide.com\  _ggMCvar_1.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secureinclude.ebaystatic.com\  ebayLSO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\secureinclude.ebaystatic.com\  ebayT.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ssl.hurra.com\  restore.hurra.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static-cdn1.ustream.tv\  com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static-cdn1.ustream.tv\  flash.viewer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.castalba.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.issuu.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.issuu.com\  com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.vipi.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.wix.com\  WixComputerID.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static.youku.com\  YOUKU_FSO_PROXY.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static1.4players.de\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static1.dmcdn.net\  com.dm.player.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static2.4players.de\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\static2.4players.de\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\streami.tv\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video.google.com\  videostats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video3.hidemyass.com\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\village-plingaplay.s3.amazonaws.com\  de-DE_netlog_psgn16191599_zoomlevel_key.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\village-plingaplay.s3.amazonaws.com\  TestFile.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\web.de\  PF_LSOConnector.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.007stream.com\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.arte.tv\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.bangbus.com\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.channel4.com\  channel4.com.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.chilloutzone.net\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.chilloutzone.net\  chill.videoplayer.models.UserSettingsModel.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.do1.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.hardwareclips.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.hofer.at\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.launchlive.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.mixcloud.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.ofdb.de\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\  IxoSO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\  paypalLSO.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.paypalobjects.com\  ppLsoTest.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.playlist.com\  ppl6.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.plimus.com\  plimus_user_data.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\  acudeoSession.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\  com.quantserve.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.reuters.com\  SS_ARE_Override.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.sadistic.pl\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.spiegel.de\  BandwidthCache.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.spiegel.de\  spon_fussball.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.streamiton.tv\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.streamiton.tv\  com.jeroenwijering.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.super8-movie.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\  OVPMetricsProvider.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.vuvox.com\  analytics.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.zdf.de\  com.conviva.livePass.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\  megaservicesuser.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\  megavideoads.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\  megavideouser.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\wwwstatic.megavideo.com\  usersettings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\x.myspacecdn.com\  SpaceMusic.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\aa.online-metrix.net\fpc.swf\  session.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cheshire.cat.xmlrequest.info\homepage.swf\  1166483_0_en.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\dl.edge-cdn.net\#sParkFolder\  ID.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\videoplayer.swf\  dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\videoplayer3.swf\  dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xembed5.swf\  dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer.swf\  dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer2.swf\  dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\eu-st.xhamster.com\xhplayer3.swf\  dat.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\ftp.banners-service.info\scroller.swf\  1162251_0_en.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\grooveshark.com\facebookWidget.swf\  gsGlobal.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\grooveshark.com\widget.swf\  gsGlobal.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\p1.soundcloud.com\player.swf\  SCPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-126-homad.swf\  sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-165-homad.swf\  sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-191-homad.swf\  sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-198-homad.swf\  sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-218-homad.swf\  sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\prod-static.spiegel.tv\frontend-96.swf\  sptv-shared.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\rapidgator.net\storage.swf\  dp.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\track.webgains.com\wg.swf\  1425.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\video.google.com\googleplayer.swf\  mediaPlayerUserSettings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.clipfish.de\videoplayer.swf\  ClipfishVideoPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\embed-20120228.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\embed-20120803.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20111219.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120118.swf\  tapeTvSound.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120118.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.tape.tv\main-20120228.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.wolfgangthust.net\website.swf\  volumeStatus.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\a248.e.akamai.net\swf.soundcloud.com\player.swf\  SCPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\babystrology.com\tickers\baby-ticker-glass.swf\  babyCounterState.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\  rtl.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\bilder.rtl.de\flash\david09_player.swf\  userinfo6.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\embedV2-13392.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\  tapeAdblockerCheckC.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13326.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\  tapeAdblockerCheckC.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cachinga.tape.tv\static\main-13862.swf\  tapeTvStats.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\cdn.livestream.com\grid\LSPlayer.swf\  PlayerCookie.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\embed.wistia.com\flash\embed_player_v2.0.swf\  settings.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\MSVideoPlayer.swf\  preferences.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\lads.myspace.com\videos\vplayer.swf\  preferences.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\mojnet.com\player\player_v4.swf\  mojvideoPlayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\standard.webfreetv.com\videos\derstandard.swf\  webfreetv.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\streami.tv\fp\flowplayer.commercial-3.2.15.swf\  org.flowplayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\tv.sport1.de\player\sport1player10228.swf\  akamaiflashplayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\twitter.com\flash\twitter_badge.swf\  OdeoPodcastPlayerColors.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.divshare.com\flash\audio_embed\  divShareAudioPlayer_v3.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.ersties.com\flowplayer\flowplayer.commercial-3.2.5.swf\  org.flowplayer.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.musicline.de\player_flash_banner\player.swf\  userPrefs.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.trinkgut.de\handzettel\geniesser.swf\  megazine3.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.unsigned.com\swf\base_player_new_mp_narrow.swf\  TestMovie_Config_Info.sol
[i] 2012-12-16 21:15:54 Already cleaned: C:\Users\****\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RXNU45LT\www.youtubeunblocker.org\plugins\flowplayer-3.2.0.swf\  org.flowplayer.sol
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: MediaPlex
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****)  Cookie:****@apmebf.com/ ()
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****)  Cookie:****@mediaplex.com/ ()
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: DoubleClick
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****)  Cookie:****@doubleclick.net/ ()
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default))  .doubleclick.net/ (id)
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: FastClick
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****)  Cookie:****@fastclick.net/ ()
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: Zedo
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****)  Cookie:****@zedo.com/ ()
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: Right Media
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Internet Explorer (Benutzer): ****)  Cookie:****@ad.yieldmanager.com/ ()
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: Statcounter
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default))  .statcounter.com/ (is_unique_2)
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default))  .statcounter.com/ (is_unique_1)
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default))  .statcounter.com/ (is_unique)
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: WebTrends live
[i] 2012-12-16 21:15:54 Already cleaned: Cookie (Firefox: **** (default))  statse.webtrendslive.com/ (ACOOKIE)
[i] 2012-12-16 21:15:54 : 
[i] 2012-12-16 21:15:54 Product: Log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\  comsetup.log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\  Directx.log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\  setupact.log
[+] 2012-12-16 21:15:54 Moving into quarantine: C:\Windows\  DtcInstall.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\  comsetup.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\  Directx.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\  setupact.log
[+] 2012-12-16 21:15:56 Successfully cleaned: C:\Windows\  DtcInstall.log
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Gabest Media Player Classic
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Capture\  FileName
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent File List  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Gabest\Media Player Classic\Recent Dub List  
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Internet Explorer
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Internet Explorer\TypedURLs  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\  User Agent
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: MS Management Console
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Microsoft Management Console\Recent File List  
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: MS Media Player
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\MediaPlayer\Player\Settings\  Client ID
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: MS Direct3D
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\  Name
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: MS DirectDraw
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\  Name
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: MS DirectInput
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\  Name
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\DirectInput\MostRecentApplication\  Id
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: MS Paint
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List  
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: MS Wordpad
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List  
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Windows
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\  Installation Sources
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\  Installation Sources
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Windows.OpenWith
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.003\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.004\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.005\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.006\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVS\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList  
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Windows Explorer
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU  
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Windows Media SDK
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\  ComputerName
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\  UniqueID
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows Media\WMSDK\General\  VolumeSerialNumber
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: WinRAR
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\ArcHistory  
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\General\  LastFolder
[i] 2012-12-16 21:15:56 Already cleaned: HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\Software\WinRAR\DialogEditHistory\ExtrPath  
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Cookie
[i] 2012-12-16 21:15:56 Already cleaned: Internet Explorer (Benutzer) (****)  Cookies
[i] 2012-12-16 21:15:56 Already cleaned: Firefox (**** (default))  Cookies
[i] 2012-12-16 21:15:56 Already cleaned: Thunderbird (**** (default))  Cookies
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Cache
[i] 2012-12-16 21:15:56 Already cleaned: Internet Explorer (Benutzer) (****)  Cache
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Product: Verlauf
[i] 2012-12-16 21:15:56 Already cleaned: Internet Explorer (Benutzer) (****)  History
[i] 2012-12-16 21:15:56 : 
[i] 2012-12-16 21:15:56 Summary: 
[i] 2012-12-16 21:15:56 Errors while cleaning: 0
[i] 2012-12-16 21:15:56 Files moved into quarantine: 4
[i] 2012-12-16 21:15:56 Files successfully cleaned: 250
[+] 2012-12-16 21:15:57 : Gratulation, alles (aus Datei 121216-204405.xml) wurde gelöscht.
         

22.12.2012, 19:13   #5
cosinus

Spybot is largely ineffective; you can uninstall it with a clear conscience.

Please also post all Malwarebytes logs, even if they contained no detections.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


22.12.2012, 22:16   #6
s_V

In June I had the Lameshield trojan:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]

26.06.2012 11:47:30
mbam-log-2012-06-26 (11-47-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 396530
Laufzeit: 1 Stunde(n), 32 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\****\AppData\Local\cgoyjkry.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
And here is the log from December, with no detections:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.14.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]

16.12.2012 21:20:49
mbam-log-2012-12-16 (21-20-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410824
Laufzeit: 2 Stunde(n), 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

22.12.2012, 22:16   #7
cosinus

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post over the course of this thread. If anything is unclear, ask right away, before you start carrying out my instructions.

  • If you run into problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!


22.12.2012, 22:34   #8
s_V

Code:
23:26:42.0208 2732  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:26:42.0224 2732  ============================================================
23:26:42.0224 2732  Current date / time: 2012/12/22 23:26:42.0224
23:26:42.0224 2732  SystemInfo:
23:26:42.0224 2732  
23:26:42.0224 2732  OS Version: 6.1.7601 ServicePack: 1.0
23:26:42.0224 2732  Product type: Workstation
23:26:42.0224 2732  ComputerName: ****
23:26:42.0224 2732  UserName: ****
23:26:42.0224 2732  Windows directory: C:\Windows
23:26:42.0224 2732  System windows directory: C:\Windows
23:26:42.0224 2732  Running under WOW64
23:26:42.0224 2732  Processor architecture: Intel x64
23:26:42.0224 2732  Number of processors: 2
23:26:42.0224 2732  Page size: 0x1000
23:26:42.0224 2732  Boot type: Normal boot
23:26:42.0224 2732  ============================================================
23:26:43.0628 2732  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:26:43.0628 2732  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:26:44.0111 2732  ============================================================
23:26:44.0111 2732  \Device\Harddisk0\DR0:
23:26:44.0111 2732  MBR partitions:
23:26:44.0111 2732  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:26:44.0111 2732  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
23:26:44.0111 2732  \Device\Harddisk1\DR1:
23:26:44.0111 2732  MBR partitions:
23:26:44.0111 2732  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:26:44.0111 2732  ============================================================
23:26:44.0111 2732  Initialize success
23:26:44.0111 2732  ============================================================
23:27:14.0859 3528  ============================================================
23:27:14.0859 3528  Scan started
23:27:14.0859 3528  Mode: Manual; SigCheck; TDLFS; 
23:27:14.0859 3528  ============================================================
23:27:14.0875 3528  ================ Scan system memory ========================
23:27:14.0875 3528  System memory - ok
23:27:14.0875 3528  ================ Scan services =============================
23:27:14.0921 3528  1394ohci - ok
23:27:14.0953 3528  acedrv11 - ok
23:27:14.0968 3528  ACPI - ok
23:27:14.0968 3528  AcpiPmi - ok
23:27:14.0999 3528  AdobeFlashPlayerUpdateSvc - ok
23:27:15.0015 3528  adp94xx - ok
23:27:15.0031 3528  adpahci - ok
23:27:15.0031 3528  adpu320 - ok
23:27:15.0062 3528  AeLookupSvc - ok
23:27:15.0077 3528  AFD - ok
23:27:15.0109 3528  agp440 - ok
23:27:15.0124 3528  ALG - ok
23:27:15.0140 3528  aliide - ok
23:27:15.0155 3528  AMD External Events Utility - ok
23:27:15.0171 3528  amdide - ok
23:27:15.0187 3528  AmdK8 - ok
23:27:15.0202 3528  amdkmdag - ok
23:27:15.0218 3528  amdkmdap - ok
23:27:15.0233 3528  AmdPPM - ok
23:27:15.0249 3528  amdsata - ok
23:27:15.0265 3528  amdsbs - ok
23:27:15.0280 3528  amdxata - ok
23:27:15.0280 3528  AntiVirSchedulerService - ok
23:27:15.0296 3528  AntiVirService - ok
23:27:15.0311 3528  AppID - ok
23:27:15.0327 3528  AppIDSvc - ok
23:27:15.0343 3528  Appinfo - ok
23:27:15.0358 3528  arc - ok
23:27:15.0358 3528  arcsas - ok
23:27:15.0374 3528  AsIO - ok
23:27:15.0389 3528  AsyncMac - ok
23:27:15.0405 3528  atapi - ok
23:27:15.0421 3528  atikmdag - ok
23:27:15.0436 3528  AtiPcie - ok
23:27:15.0452 3528  atksgt - ok
23:27:15.0452 3528  AudioEndpointBuilder - ok
23:27:15.0467 3528  AudioSrv - ok
23:27:15.0483 3528  avgntflt - ok
23:27:15.0499 3528  avipbb - ok
23:27:15.0514 3528  avkmgr - ok
23:27:15.0530 3528  AxInstSV - ok
23:27:15.0545 3528  b06bdrv - ok
23:27:15.0545 3528  b57nd60a - ok
23:27:15.0577 3528  BDESVC - ok
23:27:15.0577 3528  Beep - ok
23:27:15.0592 3528  BFE - ok
23:27:15.0608 3528  BITS - ok
23:27:15.0623 3528  blbdrive - ok
23:27:15.0639 3528  bowser - ok
23:27:15.0639 3528  BrFiltLo - ok
23:27:15.0655 3528  BrFiltUp - ok
23:27:15.0655 3528  Browser - ok
23:27:15.0670 3528  Brserid - ok
23:27:15.0686 3528  BrSerWdm - ok
23:27:15.0701 3528  BrUsbMdm - ok
23:27:15.0717 3528  BrUsbSer - ok
23:27:15.0733 3528  BTHMODEM - ok
23:27:15.0748 3528  bthserv - ok
23:27:15.0748 3528  cdfs - ok
23:27:15.0764 3528  cdrom - ok
23:27:15.0779 3528  CertPropSvc - ok
23:27:15.0795 3528  circlass - ok
23:27:15.0795 3528  CLFS - ok
23:27:15.0811 3528  clr_optimization_v2.0.50727_32 - ok
23:27:15.0826 3528  clr_optimization_v2.0.50727_64 - ok
23:27:15.0842 3528  clr_optimization_v4.0.30319_32 - ok
23:27:15.0857 3528  clr_optimization_v4.0.30319_64 - ok
23:27:15.0857 3528  CmBatt - ok
23:27:15.0873 3528  cmdide - ok
23:27:15.0889 3528  CNG - ok
23:27:15.0904 3528  Compbatt - ok
23:27:15.0904 3528  CompositeBus - ok
23:27:15.0920 3528  COMSysApp - ok
23:27:15.0935 3528  crcdisk - ok
23:27:15.0951 3528  CryptSvc - ok
23:27:15.0967 3528  DcomLaunch - ok
23:27:15.0982 3528  defragsvc - ok
23:27:15.0998 3528  DfsC - ok
23:27:15.0998 3528  Dhcp - ok
23:27:16.0013 3528  discache - ok
23:27:16.0029 3528  Disk - ok
23:27:16.0045 3528  Dnscache - ok
23:27:16.0045 3528  dot3svc - ok
23:27:16.0060 3528  DPS - ok
23:27:16.0076 3528  drmkaud - ok
23:27:16.0076 3528  DXGKrnl - ok
23:27:16.0091 3528  EapHost - ok
23:27:16.0107 3528  ebdrv - ok
23:27:16.0123 3528  EFS - ok
23:27:16.0123 3528  ehRecvr - ok
23:27:16.0138 3528  ehSched - ok
23:27:16.0154 3528  elxstor - ok
23:27:16.0169 3528  ErrDev - ok
23:27:16.0185 3528  EventSystem - ok
23:27:16.0201 3528  exfat - ok
23:27:16.0201 3528  fastfat - ok
23:27:16.0216 3528  Fax - ok
23:27:16.0232 3528  fdc - ok
23:27:16.0247 3528  fdPHost - ok
23:27:16.0263 3528  FDResPub - ok
23:27:16.0279 3528  FileInfo - ok
23:27:16.0294 3528  Filetrace - ok
23:27:16.0310 3528  flpydisk - ok
23:27:16.0325 3528  FltMgr - ok
23:27:16.0341 3528  FontCache - ok
23:27:16.0357 3528  FontCache3.0.0.0 - ok
23:27:16.0372 3528  FsDepends - ok
23:27:16.0388 3528  Fs_Rec - ok
23:27:16.0403 3528  fvevol - ok
23:27:16.0419 3528  gagp30kx - ok
23:27:16.0435 3528  gpsvc - ok
23:27:16.0466 3528  gupdate - ok
23:27:16.0466 3528  gupdatem - ok
23:27:16.0481 3528  hcw85cir - ok
23:27:16.0497 3528  HdAudAddService - ok
23:27:16.0513 3528  HDAudBus - ok
23:27:16.0513 3528  HidBatt - ok
23:27:16.0528 3528  HidBth - ok
23:27:16.0544 3528  HidIr - ok
23:27:16.0544 3528  hidserv - ok
23:27:16.0559 3528  HidUsb - ok
23:27:16.0575 3528  hkmsvc - ok
23:27:16.0591 3528  HomeGroupListener - ok
23:27:16.0591 3528  HomeGroupProvider - ok
23:27:16.0606 3528  HpSAMD - ok
23:27:16.0622 3528  HTTP - ok
23:27:16.0637 3528  hwpolicy - ok
23:27:16.0637 3528  i8042prt - ok
23:27:16.0653 3528  iaStorV - ok
23:27:16.0669 3528  idsvc - ok
23:27:16.0684 3528  iirsp - ok
23:27:16.0684 3528  IKEEXT - ok
23:27:16.0715 3528  intelide - ok
23:27:16.0715 3528  intelppm - ok
23:27:16.0731 3528  IPBusEnum - ok
23:27:16.0747 3528  IpFilterDriver - ok
23:27:16.0747 3528  iphlpsvc - ok
23:27:16.0762 3528  IPMIDRV - ok
23:27:16.0778 3528  IPNAT - ok
23:27:16.0793 3528  IRENUM - ok
23:27:16.0793 3528  isapnp - ok
23:27:16.0809 3528  iScsiPrt - ok
23:27:16.0825 3528  kbdclass - ok
23:27:16.0840 3528  kbdhid - ok
23:27:16.0840 3528  KeyIso - ok
23:27:16.0856 3528  KSecDD - ok
23:27:16.0871 3528  KSecPkg - ok
23:27:16.0871 3528  ksthunk - ok
23:27:16.0887 3528  KtmRm - ok
23:27:16.0903 3528  LanmanServer - ok
23:27:16.0934 3528  LanmanWorkstation - ok
23:27:16.0949 3528  lirsgt - ok
23:27:16.0965 3528  lltdio - ok
23:27:16.0981 3528  lltdsvc - ok
23:27:16.0996 3528  lmhosts - ok
23:27:17.0012 3528  LSI_FC - ok
23:27:17.0027 3528  LSI_SAS - ok
23:27:17.0027 3528  LSI_SAS2 - ok
23:27:17.0043 3528  LSI_SCSI - ok
23:27:17.0059 3528  luafv - ok
23:27:17.0074 3528  McComponentHostService - ok
23:27:17.0090 3528  Mcx2Svc - ok
23:27:17.0105 3528  megasas - ok
23:27:17.0105 3528  MegaSR - ok
23:27:17.0121 3528  MMCSS - ok
23:27:17.0137 3528  Modem - ok
23:27:17.0152 3528  monitor - ok
23:27:17.0152 3528  mouclass - ok
23:27:17.0168 3528  mouhid - ok
23:27:17.0183 3528  mountmgr - ok
23:27:17.0199 3528  MozillaMaintenance - ok
23:27:17.0215 3528  mpio - ok
23:27:17.0215 3528  mpsdrv - ok
23:27:17.0230 3528  MpsSvc - ok
23:27:17.0246 3528  MRxDAV - ok
23:27:17.0246 3528  mrxsmb - ok
23:27:17.0261 3528  mrxsmb10 - ok
23:27:17.0277 3528  mrxsmb20 - ok
23:27:17.0293 3528  msahci - ok
23:27:17.0293 3528  msdsm - ok
23:27:17.0308 3528  MSDTC - ok
23:27:17.0339 3528  Msfs - ok
23:27:17.0339 3528  mshidkmdf - ok
23:27:17.0355 3528  msisadrv - ok
23:27:17.0371 3528  MSiSCSI - ok
23:27:17.0386 3528  msiserver - ok
23:27:17.0402 3528  MSKSSRV - ok
23:27:17.0402 3528  MSPCLOCK - ok
23:27:17.0417 3528  MSPQM - ok
23:27:17.0433 3528  MsRPC - ok
23:27:17.0449 3528  mssmbios - ok
23:27:17.0464 3528  MSTEE - ok
23:27:17.0480 3528  MTConfig - ok
23:27:17.0495 3528  MTsensor - ok
23:27:17.0511 3528  Mup - ok
23:27:17.0527 3528  napagent - ok
23:27:17.0542 3528  NativeWifiP - ok
23:27:17.0558 3528  NDIS - ok
23:27:17.0589 3528  NdisCap - ok
23:27:17.0589 3528  NdisTapi - ok
23:27:17.0620 3528  Ndisuio - ok
23:27:17.0620 3528  NdisWan - ok
23:27:17.0636 3528  NDProxy - ok
23:27:17.0651 3528  NetBIOS - ok
23:27:17.0667 3528  NetBT - ok
23:27:17.0667 3528  Netlogon - ok
23:27:17.0683 3528  Netman - ok
23:27:17.0698 3528  netprofm - ok
23:27:17.0714 3528  NetTcpPortSharing - ok
23:27:17.0729 3528  nfrd960 - ok
23:27:17.0729 3528  NitroDriverReadSpool - ok
23:27:17.0745 3528  NlaSvc - ok
23:27:17.0792 3528  NMSAccess - ok
23:27:17.0823 3528  NPF - ok
23:27:17.0839 3528  Npfs - ok
23:27:17.0839 3528  nsi - ok
23:27:17.0854 3528  nsiproxy - ok
23:27:17.0870 3528  Ntfs - ok
23:27:17.0885 3528  Null - ok
23:27:17.0885 3528  nvraid - ok
23:27:17.0901 3528  nvstor - ok
23:27:17.0917 3528  nv_agp - ok
23:27:17.0932 3528  ohci1394 - ok
23:27:17.0932 3528  p2pimsvc - ok
23:27:17.0948 3528  p2psvc - ok
23:27:17.0963 3528  Parport - ok
23:27:17.0979 3528  partmgr - ok
23:27:17.0979 3528  PcaSvc - ok
23:27:17.0995 3528  pci - ok
23:27:18.0010 3528  pciide - ok
23:27:18.0010 3528  pcmcia - ok
23:27:18.0026 3528  pcw - ok
23:27:18.0041 3528  PEAUTH - ok
23:27:18.0057 3528  PerfHost - ok
23:27:18.0088 3528  pla - ok
23:27:18.0088 3528  PlugPlay - ok
23:27:18.0104 3528  PNRPAutoReg - ok
23:27:18.0104 3528  PNRPsvc - ok
23:27:18.0119 3528  PolicyAgent - ok
23:27:18.0119 3528  Power - ok
23:27:18.0135 3528  PptpMiniport - ok
23:27:18.0135 3528  Processor - ok
23:27:18.0151 3528  ProfSvc - ok
23:27:18.0151 3528  ProtectedStorage - ok
23:27:18.0166 3528  Psched - ok
23:27:18.0166 3528  ql2300 - ok
23:27:18.0166 3528  ql40xx - ok
23:27:18.0182 3528  QWAVE - ok
23:27:18.0182 3528  QWAVEdrv - ok
23:27:18.0197 3528  RasAcd - ok
23:27:18.0197 3528  RasAgileVpn - ok
23:27:18.0213 3528  RasAuto - ok
23:27:18.0213 3528  Rasl2tp - ok
23:27:18.0213 3528  RasMan - ok
23:27:18.0229 3528  RasPppoe - ok
23:27:18.0244 3528  RasSstp - ok
23:27:18.0244 3528  rdbss - ok
23:27:18.0260 3528  rdpbus - ok
23:27:18.0260 3528  RDPCDD - ok
23:27:18.0275 3528  RDPENCDD - ok
23:27:18.0275 3528  RDPREFMP - ok
23:27:18.0291 3528  RDPWD - ok
23:27:18.0291 3528  rdyboost - ok
23:27:18.0307 3528  RemoteAccess - ok
23:27:18.0307 3528  RemoteRegistry - ok
23:27:18.0322 3528  rpcapd - ok
23:27:18.0322 3528  RpcEptMapper - ok
23:27:18.0322 3528  RpcLocator - ok
23:27:18.0338 3528  RpcSs - ok
23:27:18.0338 3528  rspndr - ok
23:27:18.0353 3528  RTHDMIAzAudService - ok
23:27:18.0369 3528  RTL8167 - ok
23:27:18.0369 3528  SamSs - ok
23:27:18.0369 3528  sbp2port - ok
23:27:18.0385 3528  SCardSvr - ok
23:27:18.0385 3528  scfilter - ok
23:27:18.0400 3528  Schedule - ok
23:27:18.0400 3528  SCPolicySvc - ok
23:27:18.0400 3528  SDRSVC - ok
23:27:18.0416 3528  SDScannerService - ok
23:27:18.0431 3528  SDUpdateService - ok
23:27:18.0431 3528  SDWSCService - ok
23:27:18.0447 3528  secdrv - ok
23:27:18.0463 3528  seclogon - ok
23:27:18.0463 3528  SENS - ok
23:27:18.0463 3528  SensrSvc - ok
23:27:18.0478 3528  Serenum - ok
23:27:18.0478 3528  Serial - ok
23:27:18.0494 3528  sermouse - ok
23:27:18.0509 3528  SessionEnv - ok
23:27:18.0509 3528  sffdisk - ok
23:27:18.0525 3528  sffp_mmc - ok
23:27:18.0525 3528  sffp_sd - ok
23:27:18.0541 3528  sfloppy - ok
23:27:18.0541 3528  SharedAccess - ok
23:27:18.0541 3528  ShellHWDetection - ok
23:27:18.0556 3528  SiSRaid2 - ok
23:27:18.0556 3528  SiSRaid4 - ok
23:27:18.0572 3528  Smb - ok
23:27:18.0587 3528  SNMPTRAP - ok
23:27:18.0587 3528  spldr - ok
23:27:18.0587 3528  Spooler - ok
23:27:18.0603 3528  sppsvc - ok
23:27:18.0603 3528  sppuinotify - ok
23:27:18.0619 3528  sptd - ok
23:27:18.0634 3528  srv - ok
23:27:18.0634 3528  srv2 - ok
23:27:18.0665 3528  srvnet - ok
23:27:18.0665 3528  SSDPSRV - ok
23:27:18.0681 3528  SstpSvc - ok
23:27:18.0697 3528  StarOpen - ok
23:27:18.0712 3528  Steam Client Service - ok
23:27:18.0712 3528  stexstor - ok
23:27:18.0743 3528  stisvc - ok
23:27:18.0743 3528  swenum - ok
23:27:18.0759 3528  swprv - ok
23:27:18.0775 3528  SysMain - ok
23:27:18.0775 3528  TabletInputService - ok
23:27:18.0790 3528  TapiSrv - ok
23:27:18.0790 3528  TBS - ok
23:27:18.0806 3528  Tcpip - ok
23:27:18.0806 3528  TCPIP6 - ok
23:27:18.0821 3528  tcpipreg - ok
23:27:18.0837 3528  TDPIPE - ok
23:27:18.0837 3528  TDTCP - ok
23:27:18.0837 3528  tdx - ok
23:27:18.0853 3528  TermDD - ok
23:27:18.0853 3528  TermService - ok
23:27:18.0868 3528  Themes - ok
23:27:18.0868 3528  THREADORDER - ok
23:27:18.0884 3528  TrkWks - ok
23:27:18.0884 3528  truecrypt - ok
23:27:18.0884 3528  TrustedInstaller - ok
23:27:18.0899 3528  tssecsrv - ok
23:27:18.0899 3528  TsUsbFlt - ok
23:27:18.0915 3528  tunnel - ok
23:27:18.0915 3528  uagp35 - ok
23:27:18.0931 3528  udfs - ok
23:27:18.0946 3528  UI0Detect - ok
23:27:18.0946 3528  uliagpkx - ok
23:27:18.0962 3528  umbus - ok
23:27:18.0962 3528  UmPass - ok
23:27:18.0962 3528  upnphost - ok
23:27:18.0977 3528  usbbus - ok
23:27:18.0977 3528  usbccgp - ok
23:27:18.0993 3528  usbcir - ok
23:27:18.0993 3528  UsbDiag - ok
23:27:19.0009 3528  usbehci - ok
23:27:19.0009 3528  usbhub - ok
23:27:19.0009 3528  USBModem - ok
23:27:19.0024 3528  usbohci - ok
23:27:19.0024 3528  usbprint - ok
23:27:19.0040 3528  usbscan - ok
23:27:19.0040 3528  USBSTOR - ok
23:27:19.0055 3528  usbuhci - ok
23:27:19.0055 3528  UxSms - ok
23:27:19.0055 3528  VaultSvc - ok
23:27:19.0071 3528  vdrvroot - ok
23:27:19.0071 3528  vds - ok
23:27:19.0087 3528  vga - ok
23:27:19.0087 3528  VgaSave - ok
23:27:19.0102 3528  vhdmp - ok
23:27:19.0102 3528  VIAHdAudAddService - ok
23:27:19.0118 3528  viaide - ok
23:27:19.0118 3528  volmgr - ok
23:27:19.0133 3528  volmgrx - ok
23:27:19.0133 3528  volsnap - ok
23:27:19.0149 3528  vsmraid - ok
23:27:19.0149 3528  VSS - ok
23:27:19.0165 3528  vwifibus - ok
23:27:19.0165 3528  W32Time - ok
23:27:19.0180 3528  WacomPen - ok
23:27:19.0180 3528  WANARP - ok
23:27:19.0196 3528  Wanarpv6 - ok
23:27:19.0196 3528  wbengine - ok
23:27:19.0211 3528  WbioSrvc - ok
23:27:19.0211 3528  wcncsvc - ok
23:27:19.0211 3528  WcsPlugInService - ok
23:27:19.0227 3528  Wd - ok
23:27:19.0227 3528  Wdf01000 - ok
23:27:19.0243 3528  WdiServiceHost - ok
23:27:19.0243 3528  WdiSystemHost - ok
23:27:19.0258 3528  WebClient - ok
23:27:19.0258 3528  Wecsvc - ok
23:27:19.0258 3528  wercplsupport - ok
23:27:19.0274 3528  WerSvc - ok
23:27:19.0274 3528  WfpLwf - ok
23:27:19.0289 3528  WIMMount - ok
23:27:19.0289 3528  WinDefend - ok
23:27:19.0305 3528  WinHttpAutoProxySvc - ok
23:27:19.0305 3528  Winmgmt - ok
23:27:19.0305 3528  WinRM - ok
23:27:19.0321 3528  WinUsb - ok
23:27:19.0336 3528  Wlansvc - ok
23:27:19.0336 3528  WmiAcpi - ok
23:27:19.0352 3528  wmiApSrv - ok
23:27:19.0352 3528  WMPNetworkSvc - ok
23:27:19.0367 3528  WPCSvc - ok
23:27:19.0367 3528  WPDBusEnum - ok
23:27:19.0383 3528  ws2ifsl - ok
23:27:19.0383 3528  wscsvc - ok
23:27:19.0399 3528  WSearch - ok
23:27:19.0399 3528  wuauserv - ok
23:27:19.0414 3528  WudfPf - ok
23:27:19.0414 3528  WUDFRd - ok
23:27:19.0430 3528  wudfsvc - ok
23:27:19.0430 3528  WwanSvc - ok
23:27:19.0445 3528  ================ Scan global ===============================
23:27:19.0445 3528  [Global] - ok
23:27:19.0445 3528  ================ Scan MBR ==================================
23:27:19.0461 3528  [ AE6210EDE7872E45B1CC30B020CD29C8 ] \Device\Harddisk0\DR0
23:27:19.0976 3528  \Device\Harddisk0\DR0 - ok
23:27:19.0976 3528  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:27:20.0662 3528  \Device\Harddisk1\DR1 - ok
23:27:20.0662 3528  ================ Scan VBR ==================================
23:27:20.0662 3528  [ 785EBB3086ECC37B0E673B300D3B1E1F ] \Device\Harddisk0\DR0\Partition1
23:27:20.0662 3528  \Device\Harddisk0\DR0\Partition1 - ok
23:27:20.0693 3528  [ 777AD3DF0660F90FEE3CF3262385147F ] \Device\Harddisk0\DR0\Partition2
23:27:20.0693 3528  \Device\Harddisk0\DR0\Partition2 - ok
23:27:20.0693 3528  [ E7CFD6DE19245D8B184E7F82DABF3EE8 ] \Device\Harddisk1\DR1\Partition1
23:27:20.0709 3528  \Device\Harddisk1\DR1\Partition1 - ok
23:27:20.0709 3528  ============================================================
23:27:20.0709 3528  Scan finished
23:27:20.0709 3528  ============================================================
23:27:20.0725 4056  Detected object count: 0
23:27:20.0725 4056  Actual detected object count: 0
         

22.12.2012, 23:15   #9
cosinus

OK, now please create a log with CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

23.12.2012, 12:09   #10
s_V

I had closed Spybot and deactivated Antivir, but a message still appeared saying that Spybot was active. I then uninstalled it and restarted the PC and then ComboFix. Of Antivir I had deactivated only the real-time scanner, but a message still appeared saying that someone was doing something to the registry. ComboFix then ran through; here is the log:

Code:
ComboFix 12-12-22.02 - **** 23.12.2012  12:54:00.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3839.2715 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-23 12:02 . 2012-12-23 12:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-23 11:59 . 2012-12-23 11:59	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82E834C-4980-4CD6-91E7-D282EDB05699}\offreg.dll
2012-12-21 18:09 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 18:09 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 18:09 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-21 18:09 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 16:23 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A82E834C-4980-4CD6-91E7-D282EDB05699}\mpengine.dll
2012-12-20 12:11 . 2012-12-20 12:12	--------	d-----w-	c:\windows\rescache
2012-12-18 16:18 . 2012-10-09 18:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-12-18 16:18 . 2012-10-09 18:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-12-18 16:18 . 2012-10-09 17:40	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-18 16:18 . 2012-10-09 17:40	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-12-18 16:18 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-12-18 16:18 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-12-17 11:05 . 2012-11-28 14:58	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-12-17 10:38 . 2012-12-17 10:38	--------	d-----w-	c:\windows\system32\SPReview
2012-12-17 10:29 . 2012-12-17 10:29	--------	d-----w-	c:\windows\system32\EventProviders
2012-12-16 21:02 . 2012-12-16 21:02	89088	----a-w-	c:\windows\system32\mbr.exe
2012-12-16 19:43 . 2012-12-16 20:15	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-12-16 19:42 . 2012-12-23 11:49	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2012-12-16 19:42 . 2012-12-16 19:42	--------	d-----w-	c:\users\****\AppData\Local\Programs
2012-12-16 19:28 . 2012-12-16 19:28	--------	d-----w-	c:\program files\CCleaner
2012-12-16 18:51 . 2012-12-16 18:51	388096	----a-r-	c:\users\****\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-16 18:51 . 2012-12-16 18:51	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-12-16 18:39 . 2012-12-16 18:39	--------	d-----w-	c:\users\****\AppData\Roaming\Wireshark
2012-12-16 18:32 . 2012-12-16 18:32	--------	d-----w-	c:\program files (x86)\WinPcap
2012-12-16 18:31 . 2012-12-16 18:32	--------	d-----w-	c:\program files\Wireshark
2012-12-12 18:06 . 2012-11-14 06:04	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-12-12 13:31 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-04 16:35 . 2012-12-04 16:35	--------	d-----w-	c:\users\****\AppData\Roaming\Apple Computer
2012-12-03 13:17 . 2012-12-03 13:17	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-03 13:17 . 2012-12-03 13:17	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-03 13:17 . 2012-12-03 13:17	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-03 13:17 . 2012-12-03 13:17	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-03 13:17 . 2012-12-03 13:17	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-03 13:17 . 2012-12-03 13:17	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-03 13:17 . 2012-12-03 13:17	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-12-03 13:17 . 2012-12-03 13:17	--------	d-----w-	c:\program files (x86)\QuickTime
2012-12-03 13:17 . 2012-12-03 13:17	--------	d-----w-	c:\programdata\Apple Computer
2012-12-03 13:16 . 2012-12-03 13:16	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-12-03 13:15 . 2012-12-03 13:15	--------	d-----w-	c:\users\****\AppData\Local\Apple
2012-12-03 13:15 . 2012-12-03 13:15	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-12-03 13:15 . 2012-12-03 13:15	--------	d-----w-	c:\programdata\Apple
2012-11-24 12:47 . 2012-11-24 13:38	--------	d-----w-	c:\users\****\AppData\Roaming\To the Moon - Freebird Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 11:01 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-12-17 11:01 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-12-11 19:18 . 2012-04-01 09:55	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 19:18 . 2011-05-19 11:42	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 16:44 . 2012-10-17 14:54	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 16:44 . 2012-10-17 14:54	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 21:03	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 21:03	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 21:03	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-12 13:30	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-09-29 18:54 . 2012-06-26 09:37	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-27 08:28 . 2012-06-03 10:25	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-27 08:28 . 2011-04-19 11:50	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-25 22:47 . 2012-11-16 11:07	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-16 11:07	95744	----a-w-	c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-22 16:43	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-04-29 10:12	1490312	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files (x86)\TrueCrypt\TrueCrypt.exe" [2010-03-16 1415632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-05 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-02-02 324928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1342064]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:18]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 10:15]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 10:15]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=de_DE&apn_uid=933E722D-05F3-45CE-8945-9F030576B5B7&apn_ptnrs=QE&apn_sauid=4707CA0A-B9FD-4DBF-BDDC-8C3780262386&apn_dtid=&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
AddRemove-JDownloader - c:\program files (x86)\JDownloader\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-23  13:06:11
ComboFix-quarantined-files.txt  2012-12-23 12:06
.
Vor Suchlauf: 6.470.348.800 Bytes frei
Nach Suchlauf: 9.789.095.936 Bytes frei
.
- - End Of File - - EA11185ABCFD7869AA2E805963FC9AAF
         

Alt 23.12.2012, 18:03   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Alt 26.12.2012, 13:10   #12
s_V


Code:
ATTFilter
# AdwCleaner v2.103 - Datei am 26/12/2012 um 14:08:31 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.abar-war-timeout", "4000");
Gefunden : user_pref("extensions.asktb.cbid", "QE");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gefunden : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "933E722D-05F3-45CE-8945-9F030576B5B7");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "su");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1305372782732");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.o", "102388");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "4707CA0A-B9FD-4DBF-BDDC-8C3780262386");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Gefunden : user_pref("extensions.asktb.socialmini-first", true);
Gefunden : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gefunden : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gefunden : user_pref("extensions.asktb.socialmini-max-items", "30");
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.socialmini-speed", "5000");
Gefunden : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.version", "5.12.1.16460");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=[...]
Gefunden : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [6928 octets] - [26/12/2012 14:08:31]

########## EOF - C:\AdwCleaner[R1].txt - [6988 octets] ##########
         

Alt 26.12.2012, 20:55   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 27.12.2012, 16:40   #14
s_V


Code:
ATTFilter
# AdwCleaner v2.103 - Datei am 27/12/2012 um 17:36:32 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\****\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\06h5jpt2.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.abar-war-timeout", "4000");
Gelöscht : user_pref("extensions.asktb.cbid", "QE");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "933E722D-05F3-45CE-8945-9F030576B5B7");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "su");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1305372782732");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.o", "102388");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "4707CA0A-B9FD-4DBF-BDDC-8C3780262386");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.version", "5.12.1.16460");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=EAC&o=102388&locale=[...]
Gelöscht : user_pref("vshare.install.fresh", "true");

*************************

AdwCleaner[R1].txt - [7045 octets] - [26/12/2012 14:08:31]
AdwCleaner[S1].txt - [6829 octets] - [27/12/2012 17:36:32]

########## EOF - C:\AdwCleaner[S1].txt - [6889 octets] ##########
         
OTL:
Code:
ATTFilter
OTL logfile created on: 27.12.2012 17:41:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 66,04% Memory free
7,50 Gb Paging File | 6,14 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 10,28 Gb Free Space | 2,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (NitroDriverReadSpool) -- C:\Programme\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 41 77 20 DA DB CD 01  [binary data]
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67
FF - prefs.js..network.proxy.http: "41.89.211.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "85.131.163.219"
FF - prefs.js..network.proxy.socks_port: 3128
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\****\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.03 14:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 19:21:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 19:21:43 | 000,000,000 | ---D | M]
 
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.06.28 16:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.16 13:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\06h5jpt2.default\extensions
[2012.12.16 13:03:57 | 000,689,618 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi
[2012.11.24 11:22:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\06h5jpt2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.07 19:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 19:21:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.29 12:41:02 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll
[2012.02.14 10:33:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 20:50:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 10:33:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 10:33:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 10:33:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 10:33:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.12.23 13:02:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3209BDA-3FD1-4A19-9A87-D77FDBC87E0B}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.23 13:15:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.23 13:06:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 12:51:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.23 12:51:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.23 12:51:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.23 12:44:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.23 12:44:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.23 12:40:53 | 005,012,898 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2012.12.22 23:25:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2012.12.21 19:09:39 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 19:09:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 19:09:39 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 19:09:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.20 13:11:39 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.12.18 17:18:09 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.18 17:18:09 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.18 17:18:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.18 17:18:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.12.18 17:17:51 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.12.18 17:17:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.12.18 17:17:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.12.18 17:17:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.12.18 17:17:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.12.18 17:17:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.12.18 17:17:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.12.18 17:17:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.12.18 17:17:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.12.17 22:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2012.12.17 11:38:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.12.17 11:29:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.12.16 21:58:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.12.16 21:54:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.16 20:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.16 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.12.16 20:42:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs
[2012.12.16 20:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.12.16 20:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.16 20:28:30 | 004,077,368 | ---- | C] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe
[2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.12.16 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.12.16 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Wireshark
[2012.12.16 19:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.12.16 19:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.12.16 19:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.12.16 19:29:03 | 026,641,872 | ---- | C] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe
[2012.12.14 12:47:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\musik
[2012.12.12 19:07:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 19:07:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 19:07:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 19:07:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 19:07:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 19:07:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 19:07:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 19:07:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 19:07:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 19:07:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 19:07:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 19:07:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 19:06:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 19:06:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 19:06:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 14:30:50 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 14:30:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 14:30:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 14:30:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 14:30:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 14:30:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 14:30:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 14:30:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 14:30:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 14:30:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 14:30:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 14:30:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 14:30:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 14:30:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 14:30:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 14:30:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 14:30:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 14:30:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 14:30:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 14:30:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 14:30:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 14:30:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 14:30:15 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 14:30:15 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.12 14:30:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2012.12.12 14:30:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2012.12.07 19:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Apple Computer
[2012.12.03 14:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.12.03 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.12.03 14:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.03 14:15:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple
[2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.03 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.11.07 11:22:48 | 005,082,084 | ---- | C] (The Public) -- C:\Users\****\AppData\Roaming\Avisynth.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.27 17:45:27 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 17:45:27 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.27 17:42:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.27 17:42:55 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.27 17:42:55 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.27 17:42:55 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.27 17:42:55 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.27 17:38:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.27 17:38:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 17:37:57 | 3019,227,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 16:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.26 15:56:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.26 14:07:31 | 000,550,017 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe
[2012.12.23 13:02:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.23 12:41:21 | 005,012,898 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2012.12.22 23:23:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2012.12.22 17:07:09 | 000,000,085 | -H-- | M] () -- C:\Users\****\Desktop\.~lock.top10_2011.odt#
[2012.12.22 12:34:37 | 000,303,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.17 22:39:13 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat
[2012.12.17 22:37:30 | 000,013,767 | ---- | M] () -- C:\Users\****\Desktop\Unbenannt 1.odt
[2012.12.17 22:18:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2012.12.17 22:12:22 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\0srsw8jz.exe
[2012.12.17 12:01:05 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.12.17 12:01:04 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.12.16 22:02:17 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2012.12.16 21:58:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.12.16 20:28:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 20:28:38 | 004,077,368 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup325.exe
[2012.12.16 19:51:16 | 000,002,971 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2012.12.16 19:50:20 | 001,402,880 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.msi
[2012.12.16 19:30:27 | 026,641,872 | ---- | M] (Wireshark development team) -- C:\Users\****\Desktop\Wireshark-win64-1.8.4.exe
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 14:13:19 | 000,024,321 | ---- | M] () -- C:\Users\****\Desktop\top10_2011.odt
[2012.12.14 12:11:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.13 21:58:43 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 20:18:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 20:18:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.11 17:44:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.11 17:44:02 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.09 19:03:39 | 000,024,610 | ---- | M] () -- C:\Users\****\Desktop\OpenDocument Text (neu).odt
[2012.12.07 19:24:56 | 000,006,437 | ---- | M] () -- C:\Users\****\Desktop\parada.(4618777).nfo
[2012.11.30 11:03:25 | 057,611,821 | ---- | M] () -- C:\Users\****\Desktop\20121124-1700.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.26 14:07:25 | 000,550,017 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe
[2012.12.23 12:51:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.23 12:51:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.23 12:51:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.23 12:51:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.23 12:51:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.22 17:07:09 | 000,000,085 | -H-- | C] () -- C:\Users\****\Desktop\.~lock.top10_2011.odt#
[2012.12.17 22:37:27 | 000,013,767 | ---- | C] () -- C:\Users\****\Desktop\Unbenannt 1.odt
[2012.12.17 22:25:43 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat
[2012.12.17 22:12:18 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\0srsw8jz.exe
[2012.12.16 22:02:12 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2012.12.16 20:28:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.16 19:51:16 | 000,002,971 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.lnk
[2012.12.16 19:50:17 | 001,402,880 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.msi
[2012.12.16 19:32:03 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.12.14 12:11:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.07 19:25:16 | 000,006,437 | ---- | C] () -- C:\Users\****\Desktop\parada.(4618777).nfo
[2012.12.03 14:15:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.30 10:44:02 | 057,611,821 | ---- | C] () -- C:\Users\****\Desktop\20121124-1700.mp3
[2011.11.07 11:24:03 | 000,034,936 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2011.11.07 11:23:08 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\****\AppData\Roaming\AvsP.exe
[2011.08.11 16:32:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.08.11 16:32:43 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.05.14 12:34:07 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.05.14 12:34:07 | 000,002,315 | ---- | C] () -- C:\Windows\unins000.dat
[2010.06.23 18:09:40 | 000,002,049 | ---- | C] () -- C:\Users\****\.recently-used.xbel
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48C30809

< End of report >
         
EXTRAS:
Code:
OTL Extras logfile created on: 27.12.2012 17:41:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 66,04% Memory free
7,50 Gb Paging File | 6,14 Gb Available in Paging File | 81,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 10,28 Gb Free Space | 2,21% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08D174A9-45F3-4F1B-98C1-CE58A75ADF27}" = lport=138 | protocol=17 | dir=in | app=system | 
"{13FAF8DF-7328-4FBE-B24B-B593A2405565}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2A998814-FAF8-451A-A5E8-86F5BBB6D3CC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{43B67B3C-1761-410F-B8E0-CF02412ADED8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4AFD0AA2-4591-47B4-8B7D-7E41945EEE44}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52DBF848-14C7-4757-A0B5-3130425FDB79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5736E88E-735F-4C71-9791-62F26BBCC6A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61E05BA0-26F4-40A7-992A-6213BCB3F22C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{658E0885-7D16-406A-817A-F1CAD57FBEE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{679588F9-E5C3-430B-BEB8-552312692F11}" = lport=445 | protocol=6 | dir=in | app=system | 
"{768F2B24-3ED2-48D9-8ECE-57E31A3C4AA1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{77037A09-523C-4776-9FED-C088DBC80905}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{81A6347E-94C3-4959-AAEF-319292F62DFF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{84932C06-E7DB-4A24-A0F9-F43F4D8A007B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{971D7DAE-692C-4195-99D5-1235CF26EF01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9EBF316-594B-4512-B537-B82BF643F8ED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BAF0FA88-3DB9-4144-BFE1-02A40EE6D226}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6CCC6F0-A55E-4C0F-9CE7-C70F08F42D83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D84A194B-5DD0-4065-8AD3-200F4B5218F3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DDC66057-EC76-45F9-BFC5-F5A5E647DE30}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F16AC8FD-909E-45E8-8B87-FF2030E10B8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FE4FC9D9-4808-48BB-B82E-585775262B41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF25F251-783F-450A-BE59-F0408A006EE4}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ED51FC6-CEC8-459B-92CA-21786F8285C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe | 
"{284D0917-D637-42A2-A17F-9606C5C8FCD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2FA052D8-86B8-4FBD-8475-DAB5325614A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32D63F61-809F-4433-B416-F22A97203531}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{41D41308-C53B-4A6D-908A-B1677459ECC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{48E3227C-5B4D-444F-8893-51547CCE548F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4D277D1A-FEE9-4EE2-9D31-6C5B5CCF6F14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4FD3B157-1F0B-49E7-AE86-EA9BE3355D92}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{52401D72-F513-4A87-9D1C-3816E5328B0F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{582F6162-07B4-4B76-85C4-8D6E0D396961}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63DF3609-9826-44B6-98D2-7D4CF386AC61}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7DEF8C05-DA92-4FBF-86B9-7863384576F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7F5C6506-DA78-4F89-966E-E609104604BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{843D232B-2265-4097-8462-DFA807A9724D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{88339B90-C2D6-498D-94A7-74343B3EF297}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{963279A9-3A19-49F3-B36C-54D2F4B0FD88}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{97015758-A6E6-4CC6-B154-24CF59CDEA31}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A413FF40-A9E7-47E2-8903-C766B45720B5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B8F67224-68B0-45B1-9CA2-ECECA865410F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\to the moon\to the moon\to the moon.exe | 
"{BDDBAE3F-F8C2-4CC7-90B6-183CD03496E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE4804E8-1881-46F3-A012-280D8A7DEF4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5E2BE90-7BE9-4B57-B3E8-A03A1028BD0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA3A9F59-27AA-4644-8E92-F4A71980B881}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4044C2B-21B1-448E-A1F1-C9FBC3A3AB9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1DB9A10-A469-4A72-9183-5152AF4A367B}" = protocol=6 | dir=out | app=system | 
"{FE691BD8-823D-44F8-9D10-7479DE6CEB30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{0D3596B7-8F49-4917-B63D-3C687B72E42E}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{17A615BB-0665-4B6F-84C3-1FDCBEDABECF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{1CD5D47D-3AF2-4494-A4AF-63C5A00706BF}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2638BAF7-F396-4701-942D-8533C43A7B86}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"TCP Query User{2885C0D6-2100-4145-AAAA-7AA14D488D99}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{298CE21D-054F-44D8-80F4-5BE2B5499B46}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{36770CAD-4C26-4949-9F19-BD38ABBD4F14}J:\xchatsilver\xchat.exe" = protocol=6 | dir=in | app=j:\xchatsilver\xchat.exe | 
"TCP Query User{3A4885E3-DF50-4AF8-842E-A419157A4DAE}C:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe | 
"TCP Query User{3CE4E8A4-81B0-4227-9781-AE361017837C}I:\xchatsilver\xchat.exe" = protocol=6 | dir=in | app=i:\xchatsilver\xchat.exe | 
"TCP Query User{67FD8815-BF44-45D0-A17E-E79E49D775BE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6BCE3277-4458-4FB3-B850-B78DCDEDED50}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"TCP Query User{6EABB3B9-AE27-4477-B944-9323823552E4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{7D3C9903-0A30-406B-861A-566A9CAA2C4B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{A06E89C8-1F40-4A08-BCA0-961A22C8B461}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{B7CCB944-09B6-4123-AE70-8F0F2CA86B38}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{DE06732C-D9AF-46EF-97A6-E636AC378A10}I:\xchatsilver\xchat.exe" = protocol=6 | dir=in | app=i:\xchatsilver\xchat.exe | 
"UDP Query User{1173E1A3-E431-408E-A6CB-306BBBA40C6A}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"UDP Query User{4078967B-6D7E-42CB-A94B-8C0A66A55525}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{46B47627-0D4C-49F6-A01A-424D1CF626AA}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{49FB367F-70FC-4CF0-B1C2-C8D558A296C3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{52ECAB17-8214-4258-93A6-3AFD2F9FD082}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{62984693-985E-4A4F-B1DA-B6C689924E4B}I:\xchatsilver\xchat.exe" = protocol=17 | dir=in | app=i:\xchatsilver\xchat.exe | 
"UDP Query User{8B4E0E43-C5DB-4741-9349-610F37C4BFA6}C:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jtsw1\garrysmod\hl2.exe | 
"UDP Query User{9073B051-E9F7-4B1C-98F1-BA6E00D4FBFF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{96A15C39-3165-4625-B088-6ADE155B8E0D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A4D1F4AC-D56C-4F1C-B364-FEF425AF4530}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{B135A83D-62B8-46D4-9608-BC5399B5181F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{BC491496-B18D-4348-BC1F-4671A7CBCAEC}J:\xchatsilver\xchat.exe" = protocol=17 | dir=in | app=j:\xchatsilver\xchat.exe | 
"UDP Query User{CC2183A0-DF4F-4F3C-9FB1-1CCF8B01573B}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"UDP Query User{E78093F2-E6A6-4CC5-84BB-D4CE62CEBD47}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{ED54B996-03B6-4577-B91C-4DEF24AD96BE}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{FD500F77-E203-4C90-A615-40C83908DCE6}I:\xchatsilver\xchat.exe" = protocol=17 | dir=in | app=i:\xchatsilver\xchat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5A091175-DFC7-4C87-A4C8-69B9514DBF33}" = Nitro PDF Professional
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE041ADD-66F3-4B85-A0E2-9E85D0DCBB31}" = Eraser 6.0.6.1376
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CEFC42-378E-4467-9909-DCBAFD38CA9F}" = LibreOffice 3.4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{157F58B7-9109-406C-B0FE-C511F06FBF2E}" = calibre
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24982E4E-E4C1-44C6-9B21-9E2A2F898BB0}" = PdfCrypter 2.8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D40F840-30CA-4747-B988-E86C4C5F3B12}" = A New Beginning
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119634693}" = Kaptain Brawe - A brawe new world (Episode 1)
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-135C
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.6
"AvsP_is1" = AvsP
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = 0.9.4.5
"BFGC" = Big Fish Games Client
"BFG-Drawn - The Painted Tower" = Drawn: The Painted Tower ™
"Ceville" = Ceville 1.0
"Deponia" = Deponia
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender
"Episode 1 - Homestar Ruiner" = Strong Bad - Strong Bad Episode 1 - Homestar Ruiner
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exodus" = Exodus Jabber Client (remove only)
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.742
"FLV Player" = FLV Player 2.0 (build 25)
"foobar2000" = foobar2000 v1.0.1
"Google Chrome" = Google Chrome
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"Harvey" = Harveys Neue Augen
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JDownloader" = JDownloader
"Jubler" = Jubler subtitle editor
"LinuxLive USB Creator" = LinuxLive USB Creator
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Monkey Island 2 LeChucks Revenge Special Edition_is1" = Monkey Island 2 LeChucks Revenge Special Edition
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"PDF Editor 3" = PDF Editor 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secure Eraser_is1" = Secure Eraser v3.3
"SopCast" = SopCast 3.4.8
"Steam App 206440" = To the Moon
"Steam App 4000" = Garry's Mod
"The Secret of Monkey Island_is1" = The Secret of Monkey Island
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.4 (64-bit)
"X-Chat 2_is1" = X-Chat 2.8.6-2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-254520150-3028305635-2782417164-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.12.2012 07:16:17 | Computer Name = **** | Source = SDUpdSvc.exe | ID = 0
Description = 
 
Error - 17.12.2012 07:22:42 | Computer Name = **** | Source = ESENT | ID = 215
Description = WinMail (2364) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 20.12.2012 08:05:29 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.12.2012 08:29:43 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.12.2012 08:52:43 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.12.2012 13:40:08 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.12.2012 08:16:20 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.12.2012 19:39:25 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.12.2012 09:44:14 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.12.2012 10:13:31 | Computer Name = **** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nitro PDF\Professional\Connection.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 26.12.2012 08:23:10 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 26.12.2012 08:23:10 | Computer Name = **** | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 26.12.2012 08:23:13 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 26.12.2012 10:16:24 | Computer Name = **** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 27.12.2012 12:32:18 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 27.12.2012 12:32:18 | Computer Name = **** | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.12.2012 12:32:22 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 27.12.2012 12:37:54 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 27.12.2012 12:37:54 | Computer Name = **** | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.12.2012 12:37:58 | Computer Name = **** | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
 
< End of report >
         

Edited by s_V (27.12.2012 at 17:06)

Old 27.12.2012, 20:39   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..network.proxy.http: "41.89.211.5"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "85.131.163.219"
FF - prefs.js..network.proxy.socks_port: 3128
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48C30809
:Files
C:\Users\****\Desktop\MBR.dat
C:\Windows\SysWow64\uninstHelixYUV.exe
C:\Users\****\AppData\Roaming\AvsP.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

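The first lines of the fix script in the post above remove proxy entries from the Firefox profile's prefs.js. As an added example (not part of the original post and not OTL's own code), this Python script parses prefs.js text and reports proxy settings that point to non-local addresses; the sample text is constructed around the proxy values from the fix script, and all function names are hypothetical.

```python
import ipaddress
import json
import re

# Constructed sample of a Firefox prefs.js: the proxy hosts and ports are the
# ones listed in the fix script, the remaining lines are made up.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "41.89.211.5");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.socks", "85.131.163.219");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.type", 1);
'''
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:  # strings, integers and booleans in prefs.js are JSON-compatible
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)
    return prefs

def is_local(host):
    """True for 'localhost' and loopback/private IPs; other hostnames count as remote."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private

def audit_proxy(prefs):
    """List (scheme, host, port, active) for proxies pointing off the local network."""
    manual = prefs.get("network.proxy.type") == 1  # 1 = manual proxy configuration
    findings = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = str(prefs.get(f"network.proxy.{scheme}", ""))
        if host and not is_local(host):
            port = prefs.get(f"network.proxy.{scheme}_port", 0)
            findings.append((scheme, host, port, manual))
    return findings
```

The last tuple field tells whether the entry is actually in effect: Firefox only uses the host/port preferences when `network.proxy.type` is set to manual.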
