Storm Alert Adware nach Installation eines Stream-Programmes von chip.de

Angelina

Hallo, liebes Team,

ich bin sehr froh, auf Euch gestoßen zu sein. Um eine HR-Rundfunksendung downzustreamen, habe ich ein Streamprogramm von chip.de auf WINDOWS 8.1 heruntergeladen.

Seither öffnen sich bei jedem Link, den ich im Firefox oder im Internet Explorer anklicke, diese beiden Werbeseiten:

hxxp://consumer-responses.com/germany/98234908280934.php?&c1=RAPDE1&c2=&t202kw=www.trojaner-board.de

hxxp://c17.bluetradingonline.net/AnyOption/DE/TradingForNewbies/?offer_id=262&aff_id=2484&aff_sub=consumer-responses.com&aff_sub2=AFF_ID2&aff_sub3=AFF_ID3&aff_sub4=AFF_ID4&aff_sub5=AnyOption_TradingForNewbies_DE&source=SOURCE&url_id=1734

Gleichzeitig ist html-Text mit Links zu weiteren Werbungen unterlegt, auch habe ich ständig ca 300x400 er Popups, die mir die Sicht auf den Text versperren.

Ich habe mir zunächst gestern in Eigenregie Spybot Search and Destroy herunter geladen, einen Systemscan gemacht und alle (als gering eingestuften) Probleme behoben (was nichts gebracht hat).

Danach habe ich eine Suchmaschine bemüht, und bin auf dieses Forum gestoßen. Ich glaube, MarcO beschreibt exakt das gleiche Problem, und Timo (Warlord) konnte erfolgreich helfen:
http://www.trojaner-board.de/159957-...r-werbung.html

Weiter habe ich nichts unternommen (doch: meine Dokumente, Musik und Fotos gesichert).

Ich habe daher jetzt zunächst keinen FRST und GMER Scan durchgeführt. Auch traue ich mich weder den Adware Cleaner noch Junkware-Removal Tool zu benutzen, ohne Euch um Rat zu fragen.

Den o.g. Ratgeberfaden habe ich durchgelesen und mir zunächst den Adware Cleaner herunter geladen mit folgendem Ergebnis:


Welche Infos benötigt Ihr noch, soll ich einen FRST Scan posten, oder genügen Euch die Infos bereits?

Vielen Dank für die Rückmeldung!
Angelina


Der Cleaner von Spybot zeigt folgende Einträge:

[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Processing 141216-174655.xml
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product DownloadSponsor
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine C:\Program Files (x86)\Wajam\
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned C:\Program Files (x86)\Wajam\
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Macromedia.FlashPlayer.Cookies
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product DoubleClick
[i] 14-12-16 19:00:12 Already cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product 7-Zip
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Internet Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Media Player
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS DirectDraw
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Paint
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Wordpad
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Media SDK
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cookie
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cookies
[i] 14-12-16 19:00:12 Already cleaned Firefox (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12 Already cleaned Thunderbird (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cache
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cache
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Verlauf
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)History
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Summary
[i] 14-12-16 19:00:12 Errors while cleaning 0
[i] 14-12-16 19:00:12 Files moved into quarantine 4
[i] 14-12-16 19:00:12 Files successfully cleaned 39
[+] 14-12-16 19:00:13 Gratulation, alles (aus Datei 141216-174655.xml) wurde gelöscht.


sowie wurde folgende Textdatei erstellt.
[i] 14-12-16 18:59:48
[i] 14-12-16 18:59:48 Product DownloadSponsor
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[+] 14-12-16 18:59:48 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[+] 14-12-16 18:59:48 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[i] 14-12-16 18:59:48
[i] 14-12-16 18:59:48 Product Wajam
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 18:59:48 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 18:59:48 Moving into quarantine C:\Program Files (x86)\Wajam\
[+] 14-12-16 18:59:49 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 18:59:49 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 18:59:49 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 18:59:52 Successfully cleaned C:\Program Files (x86)\Wajam\
[i] 14-12-16 18:59:52
[i] 14-12-16 18:59:52 Product Macromedia.FlashPlayer.Cookies
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[+] 14-12-16 18:59:52 Moving into quarantine C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[+] 14-12-16 18:59:53 Successfully cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[i] 14-12-16 18:59:53
[i] 14-12-16 18:59:53 Product DoubleClick
[+] 14-12-16 18:59:53 Moving into quarantine Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[+] 14-12-16 18:59:53 Successfully cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[i] 14-12-16 18:59:53
[i] 14-12-16 18:59:53 Product 7-Zip
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[+] 14-12-16 18:59:53 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[i] 14-12-16 18:59:53
[i] 14-12-16 18:59:53 Product Internet Explorer
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:53 Moving into quarantine HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS Media Player
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS DirectDraw
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS Paint
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product MS Wordpad
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Windows
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Windows Explorer
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Windows Media SDK
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+] 14-12-16 18:59:54 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[+] 14-12-16 18:59:54 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 14-12-16 18:59:54
[i] 14-12-16 18:59:54 Product Cookie
[+] 14-12-16 18:59:54 Moving into quarantine Internet Explorer (Benutzer) (Rhea)Cookies
[+] 14-12-16 18:59:54 Moving into quarantine Firefox (PE_C_PUBLIC (default))Cookies
[+] 14-12-16 18:59:54 Moving into quarantine Thunderbird (PE_C_PUBLIC (default))Cookies
[+] 14-12-16 18:59:54 Successfully cleaned Internet Explorer (Benutzer) (Rhea)Cookies
[+] 14-12-16 18:59:55 Successfully cleaned Firefox (PE_C_PUBLIC (default))Cookies
[+] 14-12-16 18:59:55 Successfully cleaned Thunderbird (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 18:59:55
[i] 14-12-16 18:59:55 Product Cache
[+] 14-12-16 18:59:55 Moving into quarantine Internet Explorer (Benutzer) (Rhea)Cache
[+] 14-12-16 18:59:56 Successfully cleaned Internet Explorer (Benutzer) (Rhea)Cache
[i] 14-12-16 18:59:56
[i] 14-12-16 18:59:56 Product Verlauf
[+] 14-12-16 18:59:56 Moving into quarantine Internet Explorer (Benutzer) (Rhea)History
[+] 14-12-16 18:59:56 Successfully cleaned Internet Explorer (Benutzer) (Rhea)History
[i] 14-12-16 18:59:56
[i] 14-12-16 18:59:56 Summary
[i] 14-12-16 18:59:56 Errors while cleaning 0
[i] 14-12-16 18:59:56 Files moved into quarantine 36
[i] 14-12-16 18:59:56 Files successfully cleaned 36
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product DownloadSponsor
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\lastPID
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\OCS\PID
[i] 14-12-16 19:00:11
[i] 14-12-16 19:00:11 Product Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[i] 14-12-16 19:00:11 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:11 Moving into quarantine C:\Program Files (x86)\Wajam\
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
[+] 14-12-16 19:00:12 Successfully cleaned C:\Program Files (x86)\Wajam\
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Macromedia.FlashPlayer.Cookies
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\secureinclude.ebaystatic.com\ebayT.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.paypalobjects.com\PayPalLSO.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\aa.online-metrix.net\fpc.swf\session.sol
[i] 14-12-16 19:00:12 Already cleaned C:\Users\Rhea\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ZZR93RHP\#AppContainer\www.ajaxcdn.org\swf.swf\dm_cookie.sol
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product DoubleClick
[i] 14-12-16 19:00:12 Already cleaned Cookie (Thunderbird: PE_C_PUBLIC (default)).doubleclick.net/ (id)
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product 7-Zip
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\7-ZIP\FM\FolderHistory
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Internet Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Internet Explorer\TypedURLs
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Media Player
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS DirectDraw
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Paint
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product MS Wordpad
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12 Already cleaned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Explorer
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Windows Media SDK
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
[i] 14-12-16 19:00:12 Already cleaned HKEY_USERS\S-1-5-21-3879709871-1962586687-2025067079-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cookie
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cookies
[i] 14-12-16 19:00:12 Already cleaned Firefox (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12 Already cleaned Thunderbird (PE_C_PUBLIC (default))Cookies
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Cache
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)Cache
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Product Verlauf
[i] 14-12-16 19:00:12 Already cleaned Internet Explorer (Benutzer) (Rhea)History
[i] 14-12-16 19:00:12
[i] 14-12-16 19:00:12 Summary
[i] 14-12-16 19:00:12 Errors while cleaning 0
[i] 14-12-16 19:00:12 Files moved into quarantine 4
[i] 14-12-16 19:00:12 Files successfully cleaned 39