|
Log-Analyse und Auswertung: Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.08.2012, 19:42 | #1 |
| Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) Hallo erstmal. Also zu meinen Problem; es ist so ich habe heute in der früh in Facebook von einer Freundin eine Nachricht mit einen Bildschirmschoner als Anhang bekommen und alles ich ihn dann aufmachen wollte hat er nicht funktioniert und ich habe mir nichts weiter dabei gedacht und habe ihn gelöscht. Als ich dann den Laptop wenige Stunden später wieder eingeschalten habe hat mir McAfee gesagt, das ich einen Trojaner auf dem PC habe und wenn ich einen Neu-Start mache, das das Problem dann behoben sei, war es aber nicht weil die Meldung immer wieder gekommen ist. Ich habe ungefähr 5 Mal einen Neu-Start gemacht, aber ohne eine Veränderung. Ich habe dann ein wenig gegoogelt, und habe dann gelesen, das es verschiedene Trojaner Remover gibt, also habe ich da zwei ausprobiert ohne Erfolg, und zwar einer hieß Trojan Remover und der andere war McAfee-Stinger und beide waren auf einen Stand vom 17.08.12. Bei beiden hieß es bei Funde: Master Boot Records: 1; Boot Secotor: 1. Ich habe den Stinger auch auf delete gestellt, das hat auch nichts geholfen, weil der Virus danach immer noch auffindbar war. Jetzt hoffe ich das ihr mir weiter helfen könnt, Also das sind die zwei Trojaner: Desktop.ini (C:\\Windows\assembly\GAC_64\Desktop.ini) Desktop.ini (C:\\Windows\assembly\GAC_32\Desktop.ini) Und das Logfile (mit OTL erstellt) ist hier, ich konnte es leider nicht hochladen, da es zu groß war. Ich weiß leider nicht was ich mit dem Anfange soll, also wenn es da etwas gibt, was ich tun kann, schreibt es mir bitte. OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.08.2012 20:23:09 - Run 2 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Saskia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,77% Memory free 7,80 Gb Paging File | 5,31 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,63 Gb Total Space | 398,46 Gb Free Space | 88,82% Space Free | Partition Type: NTFS Computer Name: SASKIA-VAIO | User Name: Saskia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Saskia\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.) PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll () MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll () MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll () MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll () MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll () MOD - C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation) SRV - (McODS) -- C:\Programme\McAfee\virusscan\mcods.exe (McAfee, Inc.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (DCDhcpService) -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe (Atheros Communication Inc.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) SRV - (PMBDeviceInfoProvider) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (MOBK649backup) -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe (McAfee, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (McAWFwk) -- c:\Programme\McAfee\MSC\McAWFwk.exe (McAfee, Inc.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_VDP) -- C:\Windows\SysNative\drivers\btath_vdp.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (MOBK649Filter) -- C:\Windows\SysNative\drivers\MOBK649.sys (Mozy, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{C5260BA0-983F-44BA-995E-0C3189EBBF55}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.08 20:41:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.08 20:05:13 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.searchcanvas.com/?ot=6 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.searchcanvas.com/?ot=6 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_222.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\ CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\ CHR - Extension: SiteAdvisor = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\ CHR - Extension: Dolce&Gabbana = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\ CHR - Extension: YouTube to MP3 Converter = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\ CHR - Extension: Webcam Toy = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\ CHR - Extension: Qtube = C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20120808134733.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120808134734.dll (McAfee, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BD1628F-DBBC-4511-9909-604C66370048}: DhcpNameServer = 192.54.112.29 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEF2AEF0-23A1-4B0E-BA0E-D09424F4A880}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell - "" = AutoRun O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.20 19:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.08.20 19:18:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.08.20 19:07:38 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.08.20 19:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.08.20 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Simply Super Software [2012.08.20 18:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.08.20 18:54:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll [2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Simply Super Software [2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.08.20 18:47:46 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Users\Saskia\Desktop\trjsetup682.exe [2012.08.20 09:30:56 | 000,000,000 | RHSD | C] -- C:\Users\Saskia\M-10-6897-8685-3464 [2012.08.19 01:03:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.18 00:17:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\PhotoScape [2012.08.18 00:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2012.08.18 00:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape [2012.08.17 23:49:09 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Programs [2012.08.17 23:45:45 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\SoftGrid Client [2012.08.17 23:45:41 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\SoftGrid Client [2012.08.17 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2012.08.17 23:45:00 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\WebCam Media [2012.08.17 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.08.17 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.08.17 23:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2012.08.17 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\TP [2012.08.16 12:59:22 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\CrashDumps [2012.08.15 23:50:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 23:50:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 23:50:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 23:50:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 23:50:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 23:50:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 23:50:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 23:50:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 23:50:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 23:50:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 23:50:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 23:50:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 23:50:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Windows Live [2012.08.15 21:43:19 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\{F7FE94E3-298B-4C11-8E1C-E9F37E0AF4A1} [2012.08.15 20:29:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Apple Computer [2012.08.15 20:29:03 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apple Computer [2012.08.15 20:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.08.15 20:28:50 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2012.08.15 20:28:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2012.08.15 20:28:50 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012.08.15 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.08.15 20:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012.08.15 20:24:51 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apple [2012.08.15 20:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.08.15 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.08.15 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.08.15 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2012.08.15 20:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.08.15 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012.08.15 16:13:09 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 16:12:17 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 16:12:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 16:12:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 16:06:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 16:06:58 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 16:06:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 16:06:37 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.13 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\ArcSoft [2012.08.13 19:35:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\ArcSoft [2012.08.12 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft Games [2012.08.08 17:51:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2012.08.08 17:39:57 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.08.08 17:39:57 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012.08.08 17:39:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.08.08 14:13:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.08.08 14:13:17 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.08.08 14:13:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.08.08 13:48:29 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.08.08 13:48:14 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2012.08.08 13:48:11 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2012.08.08 13:48:02 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.08.08 13:47:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.08.08 13:47:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.08.08 12:29:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.08.08 12:29:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.08.08 12:29:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.08.08 12:27:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012.08.08 12:27:54 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012.08.08 12:16:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.08.08 11:11:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.08.08 11:11:31 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.08.08 10:01:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.08.08 10:01:00 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.08.08 10:00:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.08.08 09:53:40 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012.08.08 09:53:11 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.08.08 09:53:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.08.08 08:23:48 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.08.08 08:23:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.08.08 08:21:03 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment [2012.08.08 08:17:12 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.08.08 08:17:12 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.08.08 08:17:12 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.08.08 08:16:52 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.08.08 08:16:52 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.08.08 08:16:52 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.08.08 08:16:38 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.08.08 08:16:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.08.08 08:06:48 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Skype [2012.08.07 18:45:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.08.07 18:11:09 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Sony PMB [2012.08.07 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Google [2012.08.07 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Apps [2012.08.07 18:06:28 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Deployment [2012.08.07 18:03:06 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Adobe [2012.08.07 18:02:49 | 000,000,000 | ---D | C] -- C:\Update [2012.08.07 18:01:22 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Sony Corporation [2012.08.07 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Atheros [2012.08.07 17:59:04 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Intel Corporation [2012.08.07 17:59:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool [2012.08.07 17:58:57 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.08.07 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\BMExplorer [2012.08.07 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Saskia\Documents\Bluetooth Folder [2012.08.07 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Atheros [2012.08.07 17:58:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Sony Corporation [2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Searches [2012.08.07 17:58:12 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.08.07 17:57:58 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Identities [2012.08.07 17:57:56 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Contacts [2012.08.07 17:57:54 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\VirtualStore [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Vorlagen [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Verlauf [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Temporary Internet Files [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Startmenü [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\SendTo [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Recent [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Netzwerkumgebung [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Lokale Einstellungen [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Videos [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Musik [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Eigene Dateien [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Documents\Eigene Bilder [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Druckumgebung [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Cookies [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\AppData\Local\Anwendungsdaten [2012.08.07 17:56:17 | 000,000,000 | -HSD | C] -- C:\Users\Saskia\Anwendungsdaten [2012.08.07 17:56:16 | 000,000,000 | --SD | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Videos [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Saved Games [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Pictures [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Music [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Links [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Favorites [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Downloads [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Documents [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\Desktop [2012.08.07 17:56:16 | 000,000,000 | R--D | C] -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.08.07 17:56:16 | 000,000,000 | -H-D | C] -- C:\Users\Saskia\AppData [2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Temp [2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Microsoft [2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Media Center Programs [2012.08.07 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Roaming\Macromedia [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Programme [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.08.07 17:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.08.07 16:52:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.20 20:23:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job [2012.08.20 20:13:59 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.08.20 20:02:41 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 20:02:41 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 19:54:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.20 19:54:41 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2012.08.20 18:54:13 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.08.20 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.20 18:53:47 | 010,488,608 | ---- | M] (Simply Super Software ) -- C:\Users\Saskia\Desktop\trjsetup682.exe [2012.08.19 01:03:34 | 001,642,498 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.19 01:03:34 | 000,697,532 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.19 01:03:34 | 000,652,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.19 01:03:34 | 000,148,538 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.19 01:03:34 | 000,121,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.18 00:22:51 | 000,005,120 | -H-- | M] () -- C:\Users\Saskia\Desktop\photothumb.db [2012.08.18 00:14:15 | 000,001,035 | ---- | M] () -- C:\Users\Saskia\Desktop\PhotoScape.lnk [2012.08.17 23:58:48 | 000,016,279 | ---- | M] () -- C:\Users\Saskia\AppData\Local\recently-used.xbel [2012.08.16 12:58:10 | 000,300,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 20:28:57 | 000,001,801 | ---- | M] () -- C:\Users\Saskia\Desktop\iTunes.lnk [2012.08.15 19:05:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 19:05:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.15 16:52:38 | 000,002,461 | ---- | M] () -- C:\Users\Saskia\Desktop\Google Chrome.lnk [2012.08.14 15:55:18 | 000,000,393 | ---- | M] () -- C:\Users\Saskia\AppData\Local\HamsterVideoConverterSettings.cfg [2012.08.13 22:15:09 | 000,007,195 | ---- | M] () -- C:\Windows\SysWow64\SystemData.xml [2012.08.10 18:26:41 | 001,613,328 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.08 08:23:08 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job [2012.08.07 17:57:51 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1711F1EW.mrk [2012.08.07 17:57:51 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1711F1EW.mrk [2012.08.07 16:54:09 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.08.07 16:54:09 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.20 18:54:13 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.08.20 18:54:09 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2012.08.20 18:54:09 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2012.08.20 18:54:09 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2012.08.20 18:54:09 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2012.08.20 16:57:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\L\00000004.@ [2012.08.18 00:17:35 | 000,005,120 | -H-- | C] () -- C:\Users\Saskia\Desktop\photothumb.db [2012.08.18 00:14:15 | 000,001,035 | ---- | C] () -- C:\Users\Saskia\Desktop\PhotoScape.lnk [2012.08.17 23:58:48 | 000,016,279 | ---- | C] () -- C:\Users\Saskia\AppData\Local\recently-used.xbel [2012.08.15 20:28:57 | 000,001,801 | ---- | C] () -- C:\Users\Saskia\Desktop\iTunes.lnk [2012.08.15 20:24:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.08.14 15:55:17 | 000,000,393 | ---- | C] () -- C:\Users\Saskia\AppData\Local\HamsterVideoConverterSettings.cfg [2012.08.13 22:15:09 | 000,007,195 | ---- | C] () -- C:\Windows\SysWow64\SystemData.xml [2012.08.07 19:10:40 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2012.08.07 18:45:58 | 000,002,461 | ---- | C] () -- C:\Users\Saskia\Desktop\Google Chrome.lnk [2012.08.07 18:07:46 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job [2012.08.07 18:07:46 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job [2012.08.07 17:58:29 | 000,001,409 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.08.07 17:58:19 | 000,001,443 | ---- | C] () -- C:\Users\Saskia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.08.07 17:57:51 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_SVE1711F1EW.mrk [2012.08.07 17:57:51 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_SVE1711F1EW.mrk [2012.08.07 17:57:45 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk [2012.08.07 16:52:07 | 3142,864,896 | -HS- | C] () -- C:\hiberfil.sys [2012.07.09 18:28:10 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2012.03.15 21:57:54 | 013,206,016 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.15 21:57:54 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.15 21:57:54 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.15 21:57:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.15 21:57:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ [2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Users\Saskia\AppData\Local\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.02.11 01:03:27 | 001,642,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.08.18 00:20:45 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\PhotoScape [2012.08.20 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\Simply Super Software [2012.08.18 01:21:50 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\SoftGrid Client [2012.08.17 23:46:02 | 000,000,000 | ---D | M] -- C:\Users\Saskia\AppData\Roaming\TP [2009.07.14 07:08:49 | 000,011,710 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > Ich hoffe ihr könnt mir helfen, ich weiß nicht mehr weiter^^ Neu installieren kann ich ihn nicht, weil ich kein Betriebssystem auf CD habe. 'tschuldiung, wenns so einen Ähnlichen Theat schon gibt, ich habe nämlich keinen gefunden. Mfg~ Sukai Geändert von sukai (20.08.2012 um 19:52 Uhr) |
20.08.2012, 20:54 | #2 |
/// Helfer-Team | Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini)Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{C5260BA0-983F-44BA-995E-0C3189EBBF55}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=http://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell - "" = AutoRun O33 - MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true [2012.08.20 18:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.08.20 18:47:46 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Users\Saskia\Desktop\trjsetup682.exe @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9 [2012.08.20 20:23:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job [2012.08.19 01:03:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.08 08:23:08 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job [2012.08.20 16:57:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\L\00000004.@ [2012.08.07 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Saskia\AppData\Local\Google [2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ [2012.02.24 02:27:20 | 000,002,048 | -HS- | C] () -- C:\Users\Saskia\AppData\Local\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ :Files ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
20.08.2012, 23:35 | #3 |
| Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) danke, ich hoffe das war das richtige Logfile, das hat sich einfach geöffnet gehabt, nach dem neu Start
__________________Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully. File move failed. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll scheduled to be moved on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C5260BA0-983F-44BA-995E-0C3189EBBF55}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5260BA0-983F-44BA-995E-0C3189EBBF55}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19b48ec7-e2d5-11e1-ad18-5453ed276b1a}\ not found. File "D:\WD SmartWare.exe" autoplay=true not found. C:\ProgramData\Simply Super Software\Trojan Remover\Data folder moved successfully. C:\ProgramData\Simply Super Software\Trojan Remover folder moved successfully. C:\ProgramData\Simply Super Software folder moved successfully. C:\Users\Saskia\Desktop\trjsetup682.exe moved successfully. ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000UA.job moved successfully. C:\Config.Msi folder moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2061850246-3451949566-2168631680-1000Core.job moved successfully. C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\L\00000004.@ moved successfully. C:\Users\Saskia\AppData\Local\Google\Update\Install folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96} folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.79 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D} folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D} folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Update\Download folder moved successfully. Folder move failed. C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115 scheduled to be moved on reboot. C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.111 folder moved successfully. Folder move failed. C:\Users\Saskia\AppData\Local\Google\Update scheduled to be moved on reboot. C:\Users\Saskia\AppData\Local\Google\CrashReports folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Temp folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\SwiftShader folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Sync Data folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.uploadc.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.supersonicads.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.samplicio.us folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.novamov.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.mcgame.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.filebox.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.disorlike.tv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.das-automagazin.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.dailymotion.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.bet365.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.baur.de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#videoplayer.ru folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#va1de.sftcdn.net folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#track.webgains.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#static.putlocker.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#ssl.hurra.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#rutube.ru folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#res.brandwire.tv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#relevantid.imperium.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#randomc.net folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#portal.myview.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#p.kiwi.kz folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#mr1mr.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#members.bet365.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#lads.myspace.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#images.mefeedia.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#iframe.sponsorpay.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#hwcdn.veevr.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#heias.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#embed.videoweed.es folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#embed.novamov.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#delivery.ibanner.de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#de-castaclip.cdn.videoplaza.tv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#chatango.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#ads.heias.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#aa.online-metrix.net folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\##\www.auxmoney-partnerprogramm.de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\##\images-na.ssl-images-amazon.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\## folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.videozer.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.uploadc.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com\delivery\flash\cookies.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com\delivery\flash folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com\delivery folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.supersonicads.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.samplicio.us folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.novamov.com\player\novaplayerv3.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.novamov.com\player folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.novamov.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com\assets\flowplayer\flowplayer.commercial-3.2.7.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com\assets\flowplayer folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com\assets folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.mcgame.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.filebox.com\flowplayer.commercial-3.2.7.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.filebox.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.dailymotion.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.bet365.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.baur.de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\www.auxmoney-partnerprogramm.de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\vox-static.liverail.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\videoplayer.ru folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared\flash\rs\storage.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared\flash\rs folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared\flash folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net\shared folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\va1de.sftcdn.net folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\track.webgains.com\wg.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\track.webgains.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\static.putlocker.com\video_player.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\static.putlocker.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ssl.hurra.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\s.ytimg.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\rutube.ru\player.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\rutube.ru folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn\content\brandwire\PublishingContainer.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn\content\brandwire folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn\content folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv\scdn folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\res.brandwire.tv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\relevantid.imperium.com\dedupe.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\relevantid.imperium.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\randomc.net folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\portal.myview.com\MyView\flash folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\portal.myview.com\MyView folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\portal.myview.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\p.kiwi.kz folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\mr1mr.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\members.bet365.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\lads.myspace.com\videos\MSVideoPlayer.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\lads.myspace.com\videos folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\lads.myspace.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\images.mefeedia.com\flowplayer.commercial-3.2.7.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\images.mefeedia.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\images-na.ssl-images-amazon.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\iframe.sponsorpay.com\flash\flashcookie.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\iframe.sponsorpay.com\flash folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\iframe.sponsorpay.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds\swf\f#\lowplayer.commercial-3.2.12.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds\swf\f# folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds\swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6\cds folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com\q4z7c2x6 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\hwcdn.veevr.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\heias.com\x\heias_sc.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\heias.com\x folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\heias.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.videoweed.es\player\weedplayerv3.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.videoweed.es\player folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.videoweed.es folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.novamov.com\player\novaplayerv5.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.novamov.com\player folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\embed.novamov.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de\ibanner\snacktv\STVPlayer_beta.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de\ibanner\snacktv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de\ibanner folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\delivery.ibanner.de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\de-castaclip.cdn.videoplaza.tv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\chatango.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com\swf\as3\AS3SOHandler.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com\swf\as3 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com\swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn.visiblemeasures.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\cdn-static.liverail.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com\images\tmp\7928 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com\images\tmp folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com\images folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\ads.heias.com folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\aa.online-metrix.net\fpc.swf folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T\aa.online-metrix.net folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\S74QDW7T folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\DXREGD63 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Pepper Data folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Media Cache folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0\__MACOSX folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.3.5_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\zh_TW folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\zh_HK folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\zh_CN folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\vi folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\uk folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\tr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\th folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\te folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ta folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sl folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\sk folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ru folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ro folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\pt_PT folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\pt_BR folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\pl folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\or folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\no folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\nl folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\mr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ml folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\lv folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\lt folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ko folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\kn folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ja folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\iw folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\it folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\id folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\hu folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\hr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\hi folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\gu folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\fr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\fil folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\fi folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\et folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\es_419 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\es folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\en_GB folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\en folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\el folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\da folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\cs folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ca folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\bn folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\bg folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales\ar folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\_locales folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\i folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\Resources folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\zh folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\ja folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\it folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\fr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\en_GB folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\en folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales\de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\_locales folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\zh folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\us folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\uk folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\jp folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\ja folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\it folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\fr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\en folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\cn folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images\ca folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings\images folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\settings folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\images folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\contentScripts folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX\backgroundScripts folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\__MACOSX folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\zh folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\ja folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\it folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\fr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\es folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\en_GB folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\en folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales\de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\_locales folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\zh folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\us folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\uk folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\jp folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\ja folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\it folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\fr folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\es folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\en folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\de folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\cn folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images\ca folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings\images folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\settings folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\images folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\contentScripts folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\backgroundScripts folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\_locales\en folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\_locales folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\w1 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\w0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\t1 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\t0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\i\f folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\i folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extensions folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Extension State folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.playworld.de_0 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\databases folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Application Cache folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\User Data folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\Dictionaries folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\VisualElements folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\Locales folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\Installer folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\Extensions folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79\default_apps folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.79 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\VisualElements folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\PepperFlash folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\Locales folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\Installer folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\Extensions folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77\default_apps folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application\21.0.1180.77 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome\Application folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Chrome folder moved successfully. Folder move failed. C:\Users\Saskia\AppData\Local\Google scheduled to be moved on reboot. C:\Windows\Installer\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ moved successfully. C:\Users\Saskia\AppData\Local\{a705c1ae-a47b-bb5f-21dc-9bd1e5f04209}\@ moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Saskia\Desktop\cmd.bat deleted successfully. C:\Users\Saskia\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Saskia ->Temp folder emptied: 47672215 bytes ->Temporary Internet Files folder emptied: 70691904 bytes ->Flash cache emptied: 57510 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 656752016 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68864 bytes RecycleBin emptied: 15642408 bytes Total Files Cleaned = 754,00 mb OTL by OldTimer - Version 3.2.58.1 log created on 08212012_002706 Files\Folders moved on Reboot... File move failed. c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll scheduled to be moved on reboot. C:\Users\Saskia\AppData\Local\Google\Update\1.3.21.115 folder moved successfully. C:\Users\Saskia\AppData\Local\Google\Update folder moved successfully. C:\Users\Saskia\AppData\Local\Google folder moved successfully. C:\Users\Saskia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Saskia\AppData\Local\Temp\trayicon-2520-20120820-195521.log moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/21/2012 at 01:53:22 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Saskia - SASKIA-VAIO # Boot Mode : Normal # Running from : C:\Users\Saskia\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Found : HKCU\Software\Softonic [x64] Key Found : HKCU\Software\Softonic ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v21.0.1180.79 File : C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ] Found : "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ] ************************* AdwCleaner[R1].txt - [1045 octets] - [21/08/2012 01:53:22] ########## EOF - C:\AdwCleaner[R1].txt - [1173 octets] ########## Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/21/2012 at 01:55:06 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Saskia - SASKIA-VAIO # Boot Mode : Normal # Running from : C:\Users\Saskia\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\Softonic ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v21.0.1180.79 File : C:\Users\Saskia\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ] Deleted : "urls_to_restore_on_startup": [ "hxxp://www.searchplusnetwork.com/?sp=blac&t=a0731" ] ************************* AdwCleaner[R1].txt - [1172 octets] - [21/08/2012 01:53:22] AdwCleaner[S1].txt - [1069 octets] - [21/08/2012 01:55:06] ########## EOF - C:\AdwCleaner[S1].txt - [1197 octets] ########## |
21.08.2012, 03:23 | #4 |
/// Helfer-Team | Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
21.08.2012, 09:25 | #5 |
| Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) ich habe gerade noch ein mal McAfee durchlaufen lassen, und es heißt ich habe immer noch zwei Viren infizierte Dateien auf dem PC. Der Emsisoft AnitMaleware wird gerade heruntergeladen, wird er die zwei Dateien löschen oder so? |
21.08.2012, 15:41 | #6 |
/// Helfer-Team | Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) werden wir sehen.
__________________ --> Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) |
05.10.2012, 02:34 | #7 |
/// Helfer-Team | Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
Themen zu Facebook-Trojaner: ZeroAccess (C:\\Windows\assembly\GAC_64\Desktop.ini) |
80-100, autorun, bho, bildschirmschoner, bingbar, bonjour, converter, desktop.ini, downloader, explorer, firefox, flash player, format, google, home, homepage, logfile, mp3, plug-in, problem, realtek, registry, scan, siteadvisor, super, trojaner, trojaner zero access, usb, usb 3.0, virus, wildtangent games, windows, wlan |