Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Alureon.H mit CF gelöscht (https://www.trojaner-board.de/88253-alureon-h-cf-geloescht.html)

Kraketsch 15.07.2010 22:09
Alureon.H mit CF gelöscht
 
Hallo,
ich habe mich bisher nicht wirklich viel mit dem Thema Viren und Trojaner auseinander gesetzt. Da ich meiner Meinung nach mit Antivir immer gut klargekommen bin. Nun habe ich aber beim surfen mit Firefox bemerkt, dass ab und zu einiges nich stimmte und immer mehr Probleme auf meinem PC aufgetaucht sind. Ein komplettscan von Antivir hat nie Infektionen angezeigt.
Ein Freund hat mir dan MSE empfohlen was ich sofort installiert habe. Dies zeigte mir dann den Virus Alureon.H an, welcher aber nicht gelöscht wurde. Nach der suche im Internet habe ich CF gefunden und einfach ausprobiert. Das Problem scheint gelöst, allerdings habe ich erst später (unter anderem hier) gelesen, dass CF nicht automatisch alle Probleme entfernt und nicht direkt ausgeführt werden soll... zu spät

Vlt. kann mir ja jemand weiterhelfen und die LOG-File von CF einmal anschauen ob noch Viren vorhanden sind und wenn, wie ich diese entferne.

Vielen Dank schonmal für die Hilfe!

Hier die LOG-File:
Combofix Logfile:
Code:
ComboFix 10-07-15.01 - Kraketsch 15.07.2010  22:10:01.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.3071.1909 [GMT 2:00]
ausgeführt von:: c:\users\Kraketsch\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kraketsch\AppData\Roaming\Xyyv
c:\users\Kraketsch\AppData\Roaming\Xyyv\utpi.exe
D:\install.exe
F:\install.exe

Infizierte Kopie von c:\windows\system32\DRIVERS\vdrvroot.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-15 bis 2010-07-15  ))))))))))))))))))))))))))))))
.

2010-07-15 20:15 . 2010-07-15 20:17        --------        d-----w-        c:\users\Kraketsch\AppData\Local\temp
2010-07-15 20:15 . 2010-07-15 20:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-15 19:23 . 2010-07-15 19:23        --------        d-----w-        c:\program files\Microsoft Security Essentials
2010-07-15 15:21 . 2010-07-15 15:21        126024        ----a-w-        c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\exami.exe
2010-07-08 08:58 . 2009-07-14 01:16        62976        ----a-w-        c:\users\Kraketsch\AppData\Local\wolagp.dll
2010-06-24 16:17 . 2010-06-24 16:18        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Notepad++
2010-06-24 16:17 . 2010-06-24 16:17        --------        d-----w-        c:\program files\Notepad++
2010-06-24 13:47 . 2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
2010-06-24 13:47 . 2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2010-06-24 13:47 . 2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2010-06-24 07:51 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:51 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-06-24 07:51 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-06-24 07:51 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-06-24 07:51 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-06-23 15:26 . 2010-06-23 15:26        --------        d-----w-        c:\program files\directx
2010-06-23 12:30 . 2010-06-24 14:01        --------        d-----w-        c:\programdata\SWiSHMax2WorkFolder
2010-06-21 17:02 . 2010-06-21 17:02        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Carl Zeiss
2010-06-21 17:01 . 2010-06-21 17:01        --------        d-----w-        c:\program files\Common Files\Carl Zeiss
2010-06-21 16:53 . 2007-01-14 20:45        368912        ----a-w-        c:\windows\system32\VBAR332.DLL
2010-06-21 16:53 . 2007-01-14 20:45        252176        ----a-w-        c:\windows\system32\MSRD2X35.DLL
2010-06-21 16:53 . 2007-01-14 20:45        24848        ----a-w-        c:\windows\system32\msjter35.dll
2010-06-21 16:53 . 2007-01-14 20:45        123664        ----a-w-        c:\windows\system32\msjint35.dll
2010-06-21 16:53 . 2007-01-14 20:45        1045776        ----a-w-        c:\windows\system32\msjet35.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 20:17 . 2009-11-02 18:45        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2010-07-15 20:13 . 2009-07-14 08:47        647376        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-15 20:13 . 2009-07-14 08:47        127404        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-15 19:54 . 2010-01-07 10:17        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Anzo
2010-07-10 08:56 . 2009-11-15 14:27        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\vlc
2010-07-10 08:47 . 2009-12-04 16:02        --------        d-----w-        c:\program files\JDownloader
2010-06-24 13:14 . 2010-02-05 17:50        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Audacity
2010-06-23 15:26 . 2009-11-01 16:53        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-06-21 19:03 . 2009-11-01 16:27        109600        ----a-w-        c:\users\Kraketsch\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-21 17:01 . 2009-11-01 16:24        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-06-13 12:29 . 2010-06-13 12:09        --------        d-----w-        c:\programdata\National Instruments
2010-06-13 12:15 . 2010-06-13 12:12        --------        d-----w-        c:\program files\Common Files\Merge Modules
2010-06-12 14:13 . 2009-11-02 17:51        --------        d-----w-        c:\programdata\Microsoft Help
2010-06-07 19:05 . 2010-06-07 19:05        --------        d-----w-        c:\program files\Common Files\Deterministic Networks
2010-06-04 16:14 . 2009-11-02 18:28        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-06-02 12:18 . 2010-06-02 12:18        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\.sane
2010-05-30 11:16 . 2009-11-18 21:29        --------        d-----w-        c:\program files\7-Zip
2010-05-27 07:24 . 2010-06-12 11:25        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-12 11:25        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-11-01 16:44        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-12 11:25        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-12 11:25        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-05-29 11:56        2048        ----a-w-        c:\windows\system32\tzres.dll
2007-02-08 08:48 . 2007-02-08 08:48        133920        ----a-w-        c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 12:50 . 2008-12-10 12:50        118784        ----a-w-        c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2010-06-24 13:47        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-06-24 13:47        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-06-24 13:47        216064        --sh--r-        c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]
"Miranda Fusion"="c:\program files\MirandaFusion\mfstart.exe" [2010-02-14 918788]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-02 7518752]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-24 159744]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-11-01 47672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5082488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-6-7 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R1 MpKsla022f17a;MpKsla022f17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68EFD88C-1C06-4D0B-B823-3A4F30588B65}\MpKsla022f17a.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-01 29472]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 211216]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2009-11-04 902432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-11-04 2326920]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-11-04 159168]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv86win32.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-{E6471645-544E-428A-86CB-6F4CAC87AFC0} - c:\users\Kraketsch\AppData\Roaming\Xyyv\utpi.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3572)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\National Instruments\MAX\nimxs.exe
d:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
d:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\system32\taskhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft Security Essentials\MpCmdRun.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\MirandaFusion\miranda32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\MirandaFusion\mfwd.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-15  22:20:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-15 20:20

Vor Suchlauf: 10 Verzeichnis(se), 74.309.558.272 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 74.808.725.504 Bytes frei

- - End Of File - - 747ACCA4D6123385A8233314E3706833
--- --- ---

kira 16.07.2010 00:21
Hallo und Herzlich Willkommen! :)

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:
Deine persönlichen Angaben/Daten (die persönliche Merkmale enthalten, wie Name, Seriennummer etc) kannst Du aus dem geposteten Logs heraus löschen[/u]

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Malwarebytes Anti-Malware

2.
lade Dir von TrendMicro™ HijackThis™/Version 2.0.4 herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

3.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

4.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.

5.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool ccleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du:[code]
hier kommt dein Logfile rein
→ dahinter:[/code]
gruß
Coverflow

Kraketsch 16.07.2010 07:31
Hallo,
thx schonmal für die schnelle Antwort.

Hier der Malwarebytes-Log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4317

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.07.2010 08:08:19
mbam-log-2010-07-16 (08-08-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 465263
Laufzeit: 1 Stunde(n), 49 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\Program Files\Image-Line\Toxic Biohazard\Toxic Biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
Hijackthis:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:13:55, on 16.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kraketsch\Desktop\DXTraffic.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kraketsch\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\mfstart.exe
O4 - .DEFAULT User Startup: exami.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - D:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - D:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 10353 bytes
HJTscanlist:
Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

  16.07.2010 06:15    C:\ProgramData --------- 8192 
  16.07.2010 06:15    C:\Program Files --------- 20480 
  15.07.2010 22:20    C:\Qoobox --------- 0 
  15.07.2010 22:20    C:\Windows --------- 28672 
  15.07.2010 22:20    C:\ComboFix.txt --------- 18291 
  15.07.2010 22:17    C:\$RECYCLE.BIN --------- 0 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  23.01.2010 18:32    C:\Sandbox --------- 0 
  20.11.2009 16:14    C:\AIM --------- 0 
  02.11.2009 20:49    C:\System Volume Information --------- 4096 
  02.11.2009 19:51    C:\MSOCache --------- 0 
  01.11.2009 22:38    C:\MSDOS.SYS --------- 0 
  01.11.2009 22:38    C:\IO.SYS --------- 0 
  01.11.2009 19:06    C:\Intel --------- 0 
  01.11.2009 18:23    C:\NVIDIA --------- 0 
  01.11.2009 12:30    C:\Users --------- 4096 
  01.11.2009 12:30    C:\Recovery --------- 0 
  01.11.2009 12:30    C:\Programme --------- 0 
  01.11.2009 12:30    C:\Dokumente und Einstellungen --------- 0 
  14.07.2009 06:53    C:\Documents and Settings --------- 0 
  14.07.2009 04:37    C:\PerfLogs --------- 0 
  10.06.2009 23:42    C:\config.sys --------- 10 
  10.06.2009 23:42    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  16.07.2010 07:24    C:\Windows\WindowsUpdate.log --------- 1959363 
  15.07.2010 22:17    C:\Windows\system.ini --------- 215 
  15.07.2010 22:16    C:\Windows\setupact.log --------- 34244 
  15.07.2010 22:16    C:\Windows\bootstat.dat --------- 67584 
  15.07.2010 22:16    C:\Windows\PFRO.log --------- 15368 
  23.06.2010 17:26    C:\Windows\DirectX.log --------- 111823 
  23.06.2010 16:51    C:\Windows\Sandboxie.ini --------- 1588 
  07.06.2010 21:05    C:\Windows\VPNInstall.MIF --------- 1594 
  07.06.2010 21:01    C:\Windows\VPNUnInstall.MIF --------- 1594 
  07.06.2010 20:43    C:\Windows\MEMORY.DMP --------- 343032012 
  16.05.2010 14:16    C:\Windows\AsDebug.log --------- 6662 
  16.05.2010 14:16    C:\Windows\AsCDProc.log --------- 8048 
  26.04.2010 15:58    C:\Windows\PEV.exe --------- 256512 
  27.02.2010 01:39    C:\Windows\msxml4-KB954430-deu.LOG --------- 280408 
  27.02.2010 01:39    C:\Windows\msxml4-KB973688-deu.LOG --------- 284136 
  25.02.2010 10:24    C:\Windows\Menu.INI --------- 32 
  22.02.2010 00:55    C:\Windows\LPLAY.INI --------- 670 
  05.01.2010 16:37    C:\Windows\win.ini --------- 478 
  25.11.2009 15:28    C:\Windows\diagwrn.xml --------- 2562 
  25.11.2009 15:28    C:\Windows\diagerr.xml --------- 1908 
  25.11.2009 15:28    C:\Windows\setuperr.log --------- 0 
  02.11.2009 19:02    C:\Windows\nsreg.dat --------- 0 
  02.11.2009 18:51    C:\Windows\SynInst.log --------- 53 
  02.11.2009 18:48    C:\Windows\DPINST.LOG --------- 79540 
  01.11.2009 22:36    C:\Windows\ATKPF.ini --------- 24 
  01.11.2009 20:54    C:\Windows\ASUS Camera ScreenSaver.exe --------- 4814371 
  01.11.2009 20:54    C:\Windows\AsScrProlog.exe --------- 47672 
  01.11.2009 20:54    C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe --------- 281144 
  01.11.2009 12:23    C:\Windows\TSSysprep.log --------- 1313 
  01.11.2009 12:20    C:\Windows\DtcInstall.log --------- 1774 
  31.10.2009 07:45    C:\Windows\explorer.exe --------- 2614272 
  25.10.2009 06:11    C:\Windows\MBR.exe --------- 77312 
  14.07.2009 06:41    C:\Windows\WindowsShell.Manifest --------- 749 
  14.07.2009 03:16    C:\Windows\twain_32.dll --------- 51200 
  14.07.2009 03:14    C:\Windows\write.exe --------- 9216 
  14.07.2009 03:14    C:\Windows\winhlp32.exe --------- 9728 
  14.07.2009 03:14    C:\Windows\twunk_32.exe --------- 31232 
  14.07.2009 03:14    C:\Windows\regedit.exe --------- 398336 
  14.07.2009 03:14    C:\Windows\notepad.exe --------- 179712 
  14.07.2009 03:14    C:\Windows\hh.exe --------- 15360 
  14.07.2009 03:14    C:\Windows\HelpPane.exe --------- 497152 
  14.07.2009 03:14    C:\Windows\fveupdate.exe --------- 13824 
  14.07.2009 03:14    C:\Windows\bfsvc.exe --------- 65024 
  14.07.2009 00:58    C:\Windows\mib.bin --------- 43131 
  10.06.2009 23:42    C:\Windows\_default.pif --------- 707 
  10.06.2009 23:42    C:\Windows\winhelp.exe --------- 256192 
  10.06.2009 23:41    C:\Windows\twunk_16.exe --------- 49680 
  10.06.2009 23:41    C:\Windows\twain.dll --------- 94784 
  10.06.2009 23:34    C:\Windows\WMSysPr9.prx --------- 316640 
  10.06.2009 23:19    C:\Windows\msdfmap.ini --------- 1405 
  10.06.2009 23:14    C:\Windows\Starter.xml --------- 48201 
  10.06.2009 23:14    C:\Windows\Professional.xml --------- 53551 
  20.04.2009 12:56    C:\Windows\NIRCMD.exe --------- 31232 
  16.04.2009 18:23    C:\Windows\RtlExUpd.dll --------- 540672 
  28.03.2008 07:47    C:\Windows\agrsmdel.exe --------- 54824 
  29.03.2004 16:23    C:\Windows\unvise32.exe --------- 90112 
  31.08.2000 08:00    C:\Windows\SWREG.exe --------- 161792 
  31.08.2000 08:00    C:\Windows\SWSC.exe --------- 136704 
  31.08.2000 08:00    C:\Windows\grep.exe --------- 80412 
  31.08.2000 08:00    C:\Windows\zip.exe --------- 68096 
  31.08.2000 08:00    C:\Windows\SWXCACLS.exe --------- 212480 
  31.08.2000 08:00    C:\Windows\sed.exe --------- 98816 
----------------------------------------

 
C:\Windows\System

 13.07.2009 23:41      C:\Windows\System\OLESVR.DLL --------- 24064
 13.07.2009 23:41      C:\Windows\System\WFWNET.DRV --------- 12704
 13.07.2009 23:41      C:\Windows\System\COMMDLG.DLL --------- 32816
 13.07.2009 23:41      C:\Windows\System\TIMER.DRV --------- 4048
 13.07.2009 23:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 13.07.2009 23:41      C:\Windows\System\mmtask.tsk --------- 1152
 13.07.2009 23:41      C:\Windows\System\mouse.drv --------- 2032
 13.07.2009 23:41      C:\Windows\System\vga.drv --------- 2176
 13.07.2009 23:41      C:\Windows\System\sound.drv --------- 1744
 13.07.2009 23:41      C:\Windows\System\keyboard.drv --------- 2000
 13.07.2009 23:41      C:\Windows\System\SHELL.DLL --------- 5120
 13.07.2009 23:41      C:\Windows\System\system.drv --------- 3360
 10.06.2009 23:42      C:\Windows\System\ver.dll --------- 9008
 10.06.2009 23:42      C:\Windows\System\olecli.dll --------- 82944
 10.06.2009 23:42      C:\Windows\System\lzexpand.dll --------- 9936
 10.06.2009 23:25      C:\Windows\System\stdole.tlb --------- 5532
 10.06.2009 23:21      C:\Windows\System\msvideo.dll --------- 126912
 10.06.2009 23:21      C:\Windows\System\mciwave.drv --------- 28160
 10.06.2009 23:21      C:\Windows\System\mciseq.drv --------- 25264
 10.06.2009 23:21      C:\Windows\System\mciavi.drv --------- 73376
 10.06.2009 23:21      C:\Windows\System\avifile.dll --------- 109456
 10.06.2009 23:21      C:\Windows\System\avicap.dll --------- 69584
----------------------------------------

 
C:\Windows\System32

 16.07.2010 06:15    C:\Windows\system32\drivers --------- 65536 
 16.07.2010 03:24    C:\Windows\system32\config --------- 12288 
 15.07.2010 22:37    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13248 
 15.07.2010 22:37    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13248 
 15.07.2010 22:21    C:\Windows\system32\perfh009.dat --------- 610094 
 15.07.2010 22:21    C:\Windows\system32\perfc009.dat --------- 104412 
 15.07.2010 22:21    C:\Windows\system32\perfh007.dat --------- 647376 
 15.07.2010 22:21    C:\Windows\system32\perfc007.dat --------- 127404 
 15.07.2010 22:21    C:\Windows\system32\PerfStringBackup.INI --------- 1480602 
 15.07.2010 22:17    C:\Windows\system32\acovcnt.exe --------- 45056 
 15.07.2010 21:23    C:\Windows\system32\catroot --------- 4096 
 11.07.2010 23:48    C:\Windows\system32\catroot2 --------- 12288 
 22.06.2010 15:13    C:\Windows\system32\wdi --------- 4096 
 22.06.2010 08:46    C:\Windows\system32\FNTCACHE.DAT --------- 2337488 
 13.06.2010 14:12    C:\Windows\system32\cvirte --------- 0 
 12.06.2010 21:22    C:\Windows\system32\migration --------- 0 
 07.06.2010 21:05    C:\Windows\system32\DriverStore --------- 4096 
 29.05.2010 17:38    C:\Windows\system32\de-DE --------- 327680 
 28.05.2010 21:37    C:\Windows\system32\MRT.exe --------- 32472008 
 27.05.2010 09:24    C:\Windows\system32\atmlib.dll --------- 34304 
 27.05.2010 05:49    C:\Windows\system32\atmfd.dll --------- 293888 
 21.05.2010 14:14    C:\Windows\system32\MpSigStub.exe --------- 221568 
 21.05.2010 07:18    C:\Windows\system32\wininet.dll --------- 977920 
 21.05.2010 07:14    C:\Windows\system32\jsproxy.dll --------- 48128 
 16.05.2010 15:59    C:\Windows\system32\NDF --------- 0 
 06.05.2010 14:42    C:\Windows\system32\urlmon.dll --------- 1225216 
 06.05.2010 14:41    C:\Windows\system32\mstime.dll --------- 606208 
 06.05.2010 14:41    C:\Windows\system32\mshtml.dll --------- 5970944 
 06.05.2010 14:41    C:\Windows\system32\msfeedsbs.dll --------- 64512 
 06.05.2010 14:41    C:\Windows\system32\ieframe.dll --------- 10984448 
 06.05.2010 14:41    C:\Windows\system32\iedkcs32.dll --------- 381440 
 01.05.2010 16:49    C:\Windows\system32\win32k.sys --------- 2326528 
 23.04.2010 09:13    C:\Windows\system32\tzres.dll --------- 2048 
 12.04.2010 21:53    C:\Windows\system32\Asus_Camera_ScreenSaver dir --------- 0 
 23.03.2010 13:26    C:\Windows\system32\vpnapi.dll --------- 201512 
 08.03.2010 23:33    C:\Windows\system32\vbscript.dll --------- 427520 
 05.03.2010 09:42    C:\Windows\system32\asycfilt.dll --------- 67584 
 04.03.2010 09:33    C:\Windows\system32\inetcomm.dll --------- 740864 
 27.02.2010 14:07    C:\Windows\system32\ntkrnlpa.exe --------- 3954568 
 27.02.2010 14:07    C:\Windows\system32\ntoskrnl.exe --------- 3899280 
 18.02.2010 09:34    C:\Windows\system32\shell32.dll --------- 12867072 
 11.02.2010 09:10    C:\Windows\system32\browserchoice.exe --------- 293376 
 27.01.2010 19:37    C:\Windows\system32\o6xhtaz.tgz --------- 218 
 27.01.2010 19:37    C:\Windows\system32\o6xhtaz.dll --------- 204 
 27.01.2010 19:37    C:\Windows\system32\prsgrc.tgz --------- 114 
 27.01.2010 19:37    C:\Windows\system32\prsgrc.dll --------- 100 
 27.01.2010 19:37    C:\Windows\system32\ssprs.tgz --------- 86 
 27.01.2010 19:37    C:\Windows\system32\ssprs.dll --------- 72 
 27.01.2010 19:37    C:\Windows\system32\v4tu0r9.tgz --------- 1025 
 27.01.2010 19:37    C:\Windows\system32\clauth1.dll --------- 1025 
 27.01.2010 19:37    C:\Windows\system32\v4tu0r9.dll --------- 1025 
 27.01.2010 19:37    C:\Windows\system32\clauth2.dll --------- 1025 
 26.01.2010 16:28    C:\Windows\system32\grcauth1.dll --------- 1025 
 26.01.2010 16:28    C:\Windows\system32\grcauth2.dll --------- 1025 
 23.01.2010 18:30    C:\Windows\system32\Tasks --------- 4096 
 20.01.2010 11:18    C:\Windows\system32\quicktime --------- 0 
 17.01.2010 14:26    C:\Windows\system32\xlive --------- 0 
 09.01.2010 08:52    C:\Windows\system32\cabview.dll --------- 132608 
 29.12.2009 08:55    C:\Windows\system32\wintrust.dll --------- 172032 
 19.12.2009 11:02    C:\Windows\system32\tsbyuv.dll --------- 12288 
 19.12.2009 11:02    C:\Windows\system32\quartz.dll --------- 1328640 
 19.12.2009 11:02    C:\Windows\system32\msyuv.dll --------- 22016 
 19.12.2009 11:02    C:\Windows\system32\msvidc32.dll --------- 31744 
 19.12.2009 11:02    C:\Windows\system32\msrle32.dll --------- 13312 
 19.12.2009 11:02    C:\Windows\system32\mciavi32.dll --------- 84480 
 19.12.2009 11:02    C:\Windows\system32\iyuv_32.dll --------- 50176 
 19.12.2009 11:02    C:\Windows\system32\avifil32.dll --------- 91648 
 11.12.2009 09:38    C:\Windows\system32\lsasrv.dll --------- 1037312 
 08.12.2009 13:33    C:\Windows\system32\kernel32.dll --------- 857088 
 08.12.2009 13:32    C:\Windows\system32\apphelp.dll --------- 292864 
 04.12.2009 18:02    C:\Windows\system32\javaws.exe --------- 149280 
 04.12.2009 18:02    C:\Windows\system32\javaw.exe --------- 145184 
 04.12.2009 18:02    C:\Windows\system32\java.exe --------- 145184 
 04.12.2009 18:02    C:\Windows\system32\deploytk.dll --------- 411368 
 02.12.2009 10:17    C:\Windows\system32\jscript.dll --------- 716800 
 25.11.2009 12:47    C:\Windows\system32\netfxperf.dll --------- 49472 
 25.11.2009 12:47    C:\Windows\system32\PresentationHostProxy.dll --------- 99176 
 25.11.2009 12:47    C:\Windows\system32\dfshim.dll --------- 1130824 
 25.11.2009 12:47    C:\Windows\system32\PresentationHost.exe --------- 295264 
 25.11.2009 12:47    C:\Windows\system32\mscoree.dll --------- 297808 
 03.11.2009 05:11    C:\Windows\system32\setupsup.dll --------- 245760 
 03.11.2009 04:47    C:\Windows\system32\SBE6_000.CNT --------- 10915 
 03.11.2009 04:47    C:\Windows\system32\sbe6_000.hlp --------- 609234 
 03.11.2009 04:46    C:\Windows\system32\INETWH32.dll --------- 49152 
 03.11.2009 04:43    C:\Windows\system32\SB6ENT.OCX --------- 491520 
 03.11.2009 04:43    C:\Windows\system32\SBE6_32.DLL --------- 1167410 
 02.11.2009 20:43    C:\Windows\system32\Boot --------- 0 
 02.11.2009 20:08    C:\Windows\system32\appmgmt --------- 0 
 02.11.2009 01:34    C:\Windows\system32\GroupPolicy --------- 0 
 02.11.2009 00:59    C:\Windows\system32\LogFiles --------- 4096 
 01.11.2009 20:54    C:\Windows\system32\Asus_Camera_ScreenSaver.scr --------- 520192 
 01.11.2009 20:50    C:\Windows\system32\Microsoft --------- 0 
 01.11.2009 18:53    C:\Windows\system32\RTCOM --------- 0 
 01.11.2009 18:24    C:\Windows\system32\AGEIA --------- 0 
 01.11.2009 18:20    C:\Windows\system32\CodeIntegrity --------- 0 
 01.11.2009 18:15    C:\Windows\system32\Macromed --------- 0 
 01.11.2009 12:31    C:\Windows\system32\wbem --------- 65536 
 01.11.2009 12:24    C:\Windows\system32\license.rtf --------- 57035 
 01.11.2009 12:23    C:\Windows\system32\sysprep --------- 0 
 28.10.2009 08:17    C:\Windows\system32\winlogon.exe --------- 285696 
----------------------------------------

 
C:\Windows\Prefetch

 16.07.2010 08:15    C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 7144 
 16.07.2010 08:15    C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf --------- 15644 
 16.07.2010 08:14    C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 104970 
 16.07.2010 08:14    C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 13582 
 16.07.2010 08:14    C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 24880 
 16.07.2010 08:14    C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 31998 
 16.07.2010 08:13    C:\Windows\Prefetch\HIJACKTHIS.EXE-AA5671FE.pf --------- 34732 
 16.07.2010 08:13    C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 18916 
 16.07.2010 08:12    C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf --------- 34394 
 16.07.2010 08:12    C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 45304 
 16.07.2010 08:12    C:\Windows\Prefetch\MPCMDRUN.EXE-8791CC49.pf --------- 25308 
 16.07.2010 08:10    C:\Windows\Prefetch\NOTEPAD++.EXE-72A5A810.pf --------- 41030 
 16.07.2010 08:08    C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1704337 
 16.07.2010 08:08    C:\Windows\Prefetch\AgGlFaultHistory.db --------- 572968 
 16.07.2010 08:08    C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3264779 
 16.07.2010 08:08    C:\Windows\Prefetch\AgRobust.db --------- 100408 
 16.07.2010 08:08    C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf --------- 48796 
 16.07.2010 08:06    C:\Windows\Prefetch\EXCEL.EXE-C6BEF51C.pf --------- 168468 
 16.07.2010 07:54    C:\Windows\Prefetch\ADOBEARM.EXE-719325FF.pf --------- 62368 
 16.07.2010 07:54    C:\Windows\Prefetch\ACRORD32.EXE-172CF576.pf --------- 73128 
 16.07.2010 07:29    C:\Windows\Prefetch\OFFICELIVESIGNIN.EXE-B83AEDE8.pf --------- 14618 
 16.07.2010 07:29    C:\Windows\Prefetch\WINWORD.EXE-C91725A1.pf --------- 145044 
 16.07.2010 07:29    C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf --------- 8844 
 16.07.2010 07:26    C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-855748498-1251889708-178539298-1001.db --------- 1045223 
 16.07.2010 07:26    C:\Windows\Prefetch\AgGlUAD_S-1-5-21-855748498-1251889708-178539298-1001.db --------- 1479405 
 16.07.2010 06:45    C:\Windows\Prefetch\OUTLOOK.EXE-183FA0F0.pf --------- 382482 
 16.07.2010 06:16    C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf --------- 75692 
 16.07.2010 06:16    C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf --------- 22924 
 16.07.2010 06:15    C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf --------- 9804 
 16.07.2010 06:15    C:\Windows\Prefetch\MBAM-SETUP-1.46.TMP-1438A59D.pf --------- 20620 
 16.07.2010 06:15    C:\Windows\Prefetch\MBAM-SETUP-1.46.EXE-98117021.pf --------- 16246 
 16.07.2010 06:04    C:\Windows\Prefetch\Layout.ini --------- 499280 
 16.07.2010 03:15    C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 19660 
 16.07.2010 03:14    C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 29984 
 16.07.2010 02:29    C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 14370 
 16.07.2010 02:29    C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 21024 
 16.07.2010 02:29    C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf --------- 2014 
 16.07.2010 02:22    C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf --------- 15196 
 16.07.2010 02:22    C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf --------- 114694 
 16.07.2010 00:45    C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf --------- 476990 
 16.07.2010 00:40    C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf --------- 128618 
 16.07.2010 00:03    C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf --------- 38810 
 16.07.2010 00:02    C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf --------- 142912 
 16.07.2010 00:02    C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf --------- 28908 
 15.07.2010 23:41    C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf --------- 33116 
 15.07.2010 22:33    C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf --------- 185442 
 15.07.2010 22:30    C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 26236 
 15.07.2010 22:25    C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 222242 
 15.07.2010 22:19    C:\Windows\Prefetch\SWREG.CFXXE-A63F9012.pf --------- 10494 
 15.07.2010 22:19    C:\Windows\Prefetch\NIRCMD.CFXXE-AC413B53.pf --------- 10102 
 15.07.2010 22:19    C:\Windows\Prefetch\ReadyBoot --------- 0 
 15.07.2010 22:18    C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf --------- 102072 
 15.07.2010 22:18    C:\Windows\Prefetch\SVCHOST.EXE-C871F054.pf --------- 30028 
 15.07.2010 22:18    C:\Windows\Prefetch\MFWD.EXE-AB26895C.pf --------- 135806 
 15.07.2010 22:18    C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf --------- 79096 
 15.07.2010 22:08    C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508 
 15.07.2010 21:20    C:\Windows\Prefetch\AVWSC.EXE-4630B658.pf --------- 38250 
 15.07.2010 20:48    C:\Windows\Prefetch\AgCx_SC4.db --------- 310689 
 15.07.2010 20:47    C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf --------- 23896 
 15.07.2010 19:48    C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf --------- 29928 
 15.07.2010 19:35    C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf --------- 76290 
 15.07.2010 17:03    C:\Windows\Prefetch\AgCx_SC2.db --------- 689762 
 19.06.2010 20:45    C:\Windows\Prefetch\AgCx_SC1.db --------- 537031 
 19.06.2010 20:44    C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 94468 
 01.11.2009 12:21    C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1614164 
 01.11.2009 12:21    C:\Windows\Prefetch\AgAppLaunch.db --------- 332116 
----------------------------------------

 
C:\Windows\Tasks

 15.07.2010 22:16    C:\Windows\Tasks\SA.DAT --------- 6 
 01.06.2010 18:27    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 
----------------------------------------

 
C:\Windows\Temp

 16.07.2010 08:12    C:\Windows\Temp\MpCmdRun.log --------- 9586 
 15.07.2010 23:41    C:\Windows\Temp\fwtsqmfile00.sqm --------- 608 
 15.07.2010 22:22    C:\Windows\Temp\dneinst.log --------- 607 
----------------------------------------

 
C:\Users\KRAKET~1\AppData\Local\Temp

 16.07.2010 08:12    C:\Users\KRAKET~1\AppData\Local\Temp\~DF44CB609E54DB0561.TMP --------- 512 
 16.07.2010 08:07    C:\Users\KRAKET~1\AppData\Local\Temp\msohtmlclip1 --------- 0 
 16.07.2010 08:07    C:\Users\KRAKET~1\AppData\Local\Temp\msohtmlclip --------- 0 
 16.07.2010 08:06    C:\Users\KRAKET~1\AppData\Local\Temp\VBE --------- 0 
 16.07.2010 07:54    C:\Users\KRAKET~1\AppData\Local\Temp\AdobeARM.log --------- 1058 
 16.07.2010 07:48    C:\Users\KRAKET~1\AppData\Local\Temp\~DF7B97EEF8A4CF8FD9.TMP --------- 512 
 16.07.2010 07:48    C:\Users\KRAKET~1\AppData\Local\Temp\~DF4A084BF9248BB575.TMP --------- 512 
 16.07.2010 07:30    C:\Users\KRAKET~1\AppData\Local\Temp\EndNote --------- 0 
 16.07.2010 07:29    C:\Users\KRAKET~1\AppData\Local\Temp\~DF28E3FF9A4F4CD375.TMP --------- 512 
 16.07.2010 07:29    C:\Users\KRAKET~1\AppData\Local\Temp\33182941.od --------- 134 
 16.07.2010 07:29    C:\Users\KRAKET~1\AppData\Local\Temp\CVR54DD.tmp.cvr --------- 0 
 16.07.2010 06:45    C:\Users\KRAKET~1\AppData\Local\Temp\30510035.od --------- 134 
 16.07.2010 06:45    C:\Users\KRAKET~1\AppData\Local\Temp\CVR8BC4.tmp.cvr --------- 0 
 16.07.2010 06:16    C:\Users\KRAKET~1\AppData\Local\Temp\~DFD87758A17B0AA7EA.TMP --------- 65536 
 16.07.2010 00:56    C:\Users\KRAKET~1\AppData\Local\Temp\plugtmp --------- 0 
 15.07.2010 22:45    C:\Users\KRAKET~1\AppData\Local\Temp\1751095.od --------- 134 
 15.07.2010 22:45    C:\Users\KRAKET~1\AppData\Local\Temp\CVRB837.tmp.cvr --------- 0 
 15.07.2010 22:18    C:\Users\KRAKET~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
----------------------------------------

 
C:\Program Files

 16.07.2010 06:15    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 15.07.2010 22:13    C:\Program Files\Common Files --------- 4096 
 15.07.2010 21:23    C:\Program Files\Microsoft Security Essentials --------- 4096 
 15.07.2010 20:52    C:\Program Files\Mozilla Firefox --------- 28672 
 10.07.2010 10:47    C:\Program Files\JDownloader --------- 0 
 24.06.2010 18:17    C:\Program Files\Notepad++ --------- 4096 
 23.06.2010 17:26    C:\Program Files\directx --------- 0 
 23.06.2010 17:26    C:\Program Files\InstallShield Installation Information --------- 4096 
 13.06.2010 14:14    C:\Program Files\Internet Explorer --------- 4096 
 04.06.2010 18:14    C:\Program Files\Microsoft Silverlight --------- 4096 
 30.05.2010 13:16    C:\Program Files\7-Zip --------- 4096 
 12.05.2010 19:57    C:\Program Files\Windows Mail --------- 0 
 03.04.2010 13:12    C:\Program Files\Microsoft Games --------- 0 
 31.03.2010 22:35    C:\Program Files\MirandaFusion --------- 0 
 19.03.2010 19:18    C:\Program Files\Adobe --------- 0 
 04.03.2010 13:56    C:\Program Files\Audacity 1.3 Beta (Unicode) --------- 0 
 25.02.2010 23:35    C:\Program Files\MSXML 4.0 --------- 0 
 05.02.2010 15:43    C:\Program Files\epson --------- 0 
 23.01.2010 18:30    C:\Program Files\Sandboxie --------- 4096 
 23.01.2010 00:00    C:\Program Files\TeamSpeak 3 Client --------- 0 
 20.01.2010 11:18    C:\Program Files\NimoCodec Pack --------- 0 
 20.01.2010 11:18    C:\Program Files\DivX --------- 8192 
 17.01.2010 14:21    C:\Program Files\Elaborate Bytes --------- 0 
 17.01.2010 12:43    C:\Program Files\ASUS --------- 4096 
 05.01.2010 16:38    C:\Program Files\Microsoft Works --------- 0 
 13.12.2009 13:01    C:\Program Files\MSECache --------- 0 
 08.12.2009 15:06    C:\Program Files\AviSynth 2.5 --------- 0 
 05.12.2009 21:20    C:\Program Files\AVS4YOU --------- 0 
 04.12.2009 18:02    C:\Program Files\Java --------- 0 
 25.11.2009 11:57    C:\Program Files\ImgBurn --------- 0 
 23.11.2009 13:57    C:\Program Files\EndNote X3 --------- 8192 
 18.11.2009 23:42    C:\Program Files\Cisco Systems --------- 0 
 15.11.2009 16:26    C:\Program Files\VideoLAN --------- 0 
 04.11.2009 12:08    C:\Program Files\Acronis --------- 0 
 02.11.2009 20:43    C:\Program Files\Windows Media Player --------- 4096 
 02.11.2009 20:33    C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 
 02.11.2009 20:28    C:\Program Files\Microsoft --------- 0 
 02.11.2009 19:54    C:\Program Files\MSBuild --------- 0 
 02.11.2009 19:54    C:\Program Files\Microsoft Office --------- 4096 
 02.11.2009 19:53    C:\Program Files\Microsoft Visual Studio --------- 0 
 02.11.2009 19:53    C:\Program Files\Microsoft.NET --------- 0 
 02.11.2009 19:52    C:\Program Files\Microsoft Visual Studio 8 --------- 0 
 01.11.2009 20:50    C:\Program Files\WIDCOMM --------- 0 
 01.11.2009 20:47    C:\Program Files\Wireless Console 2 --------- 0 
 01.11.2009 20:16    C:\Program Files\ATKGFNEX --------- 4096 
 01.11.2009 20:11    C:\Program Files\Intel --------- 0 
 01.11.2009 20:06    C:\Program Files\P4G --------- 4096 
 01.11.2009 19:55    C:\Program Files\Synaptics --------- 0 
 01.11.2009 19:54    C:\Program Files\Fingerprint Sensor --------- 0 
 01.11.2009 19:20    C:\Program Files\Cisco --------- 0 
 01.11.2009 19:02    C:\Program Files\Temp --------- 0 
 01.11.2009 18:53    C:\Program Files\Realtek --------- 0 
 01.11.2009 18:24    C:\Program Files\AGEIA Technologies --------- 0 
 01.11.2009 12:30    C:\Program Files\Gemeinsame Dateien --------- 0 
 01.11.2009 12:30    C:\Program Files\Windows NT --------- 4096 
 14.07.2009 10:57    C:\Program Files\DVD Maker --------- 0 
 14.07.2009 10:57    C:\Program Files\Windows Journal --------- 0 
 14.07.2009 10:47    C:\Program Files\Windows Sidebar --------- 4096 
 14.07.2009 10:47    C:\Program Files\Windows Photo Viewer --------- 4096 
 14.07.2009 10:47    C:\Program Files\Windows Defender --------- 0 
 14.07.2009 06:53    C:\Program Files\Uninstall Information --------- 0 
 14.07.2009 06:52    C:\Program Files\Windows Portable Devices --------- 0 
 14.07.2009 06:52    C:\Program Files\Reference Assemblies --------- 0 
 14.07.2009 06:41    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

Default   
Public   
Kraketsch   
Default User   
All Users   
desktop.ini   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0          364 K
smss.exe                      512 Services                  0          768 K
csrss.exe                      872 Services                  0        3.468 K
wininit.exe                    932 Services                  0        3.168 K
csrss.exe                      944 Console                    1        10.192 K
services.exe                  980 Services                  0        8.392 K
lsass.exe                    1004 Services                  0        9.472 K
lsm.exe                      1012 Services                  0        3.072 K
svchost.exe                  1100 Services                  0        7.120 K
nvvsvc.exe                    1176 Services                  0        2.816 K
svchost.exe                  1216 Services                  0        6.828 K
MsMpEng.exe                  1288 Services                  0        89.064 K
svchost.exe                  1340 Services                  0        17.300 K
svchost.exe                  1372 Services                  0      100.720 K
svchost.exe                  1396 Services                  0        37.608 K
svchost.exe                  1536 Services                  0        11.928 K
svchost.exe                  1668 Services                  0        12.904 K
winlogon.exe                  1760 Console                    1        4.540 K
AsLdrSrv.exe                  1800 Services                  0        2.592 K
GFNEXSrv.exe                  1828 Services                  0        2.064 K
wlanext.exe                  1836 Services                  0        12.580 K
conhost.exe                  1844 Services                  0        1.956 K
spoolsv.exe                  1972 Services                  0        9.764 K
svchost.exe                  2032 Services                  0        12.404 K
nvvsvc.exe                    648 Console                    1        6.340 K
schedul2.exe                  892 Services                  0        4.100 K
afcdpsrv.exe                  972 Services                  0        6.040 K
agrsmsvc.exe                  1604 Services                  0        1.832 K
btwdins.exe                    928 Services                  0        4.484 K
cvpnd.exe                    2068 Services                  0        5.612 K
E_S40RP7.EXE                  2108 Services                  0        2.136 K
EvtEng.exe                    2152 Services                  0        15.768 K
svchost.exe                  2192 Services                  0        11.024 K
lkcitdl.exe                  2248 Services                  0        5.460 K
lkads.exe                    2280 Services                  0        5.036 K
lktsrv.exe                    2304 Services                  0        5.232 K
mdm.exe                      2332 Services                  0        4.404 K
nimxs.exe                    2456 Services                  0        7.616 K
nidmsrv.exe                  2540 Services                  0        5.160 K
nisvcloc.exe                  2564 Services                  0        2.664 K
tagsrv.exe                    2628 Services                  0        12.752 K
RegSrvc.exe                  2676 Services                  0        3.888 K
SbieSvc.exe                  2736 Services                  0        3.128 K
svchost.exe                  2820 Services                  0        3.956 K
WLIDSVC.EXE                  2868 Services                  0        8.144 K
IAANTmon.exe                  2904 Services                  0        5.080 K
dwm.exe                      3732 Console                    1        37.136 K
taskhost.exe                  3832 Console                    1        8.164 K
BatteryLife.exe              4080 Console                    1        4.128 K
ACMON.exe                    4088 Console                    1        6.016 K
ACEngSvr.exe                  2844 Console                    1        11.460 K
ATKOSD.exe                    2664 Console                    1          532 K
unsecapp.exe                  3560 Services                  0        3.312 K
SearchIndexer.exe            3904 Services                  0        29.228 K
WmiPrvSE.exe                  3620 Services                  0        8.420 K
rundll32.exe                  4168 Console                    1        5.128 K
KBFiltr.exe                  4596 Console                    1          532 K
WDC.exe                      4604 Console                    1          532 K
WLIDSVCM.EXE                  4792 Services                  0        2.180 K
RtHDVCpl.exe                  4968 Console                    1        10.680 K
iFrmewrk.exe                  4988 Console                    1        18.756 K
HControlUser.exe              5056 Console                    1        2.788 K
DMedia.exe                    5060 Console                    1        2.912 K
ATKOSD2.exe                  5164 Console                    1        10.076 K
SynTPEnh.exe                  5176 Console                    1        8.036 K
IAAnotif.exe                  5184 Console                    1        5.356 K
GrooveMonitor.exe            5240 Console                    1        9.488 K
SynTPHelper.exe              5260 Console                    1        2.284 K
SynAsus.exe                  3376 Console                    1        3.480 K
TrueImageMonitor.exe          5540 Console                    1        14.264 K
schedhlp.exe                  5560 Console                    1        3.552 K
VCDDaemon.exe                5576 Console                    1        4.572 K
msseces.exe                  5648 Console                    1        14.832 K
sidebar.exe                  5528 Console                    1        28.848 K
SbieCtrl.exe                  5728 Console                    1        9.384 K
unsecapp.exe                  5892 Console                    1        4.448 K
BTTray.exe                    6112 Console                    1        10.136 K
wmpnetwk.exe                  4552 Services                  0        10.908 K
svchost.exe                  4972 Services                  0        12.812 K
dllhost.exe                  4436 Services                  0        4.492 K
explorer.exe                  3572 Console                    1        81.916 K
firefox.exe                  6004 Console                    1      159.876 K
DXTraffic.exe                1304 Console                    1        4.540 K
audiodg.exe                  3988 Services                  0        21.564 K
wmplayer.exe                  5664 Console                    1        62.016 K
wuauclt.exe                  4920 Console                    1        5.200 K
mbam.exe                      5756 Console                    1      101.028 K
WINWORD.EXE                  1780 Console                    1      129.568 K
OfficeLiveSignIn.exe          4408 Console                    1        4.052 K
AcroRd32.exe                  4592 Console                    1        76.852 K
notepad.exe                  4624 Console                    1        5.844 K
SearchProtocolHost.exe        4876 Services                  0        6.048 K
WMIADAP.exe                  3252 Services                  0        3.864 K
SearchFilterHost.exe          2232 Services                  0        4.372 K
cmd.exe                      4316 Console                    1        3.248 K
conhost.exe                  3828 Console                    1        4.868 K
dllhost.exe                  5020 Console                    1        4.080 K
tasklist.exe                  1392 Console                    1        4.160 K
WmiPrvSE.exe                  2216 Services                  0        4.812 K

 
***** Ende des Scans 16.07.2010 um  8:15:32,34 ***
Und zu guter letzt:
Code:
7-Zip 9.13 beta                28.05.2010               
Acronis*True*Image*Home        Acronis        03.11.2009        153,5MB        13.0.5055
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        31.10.2009                10.0.32.18
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        12.06.2010        6,00MB        10.1.53.64
Adobe Photoshop CS4        Adobe Systems Incorporated        18.03.2010        1.249,3MB        11.0
Adobe Reader 9.3.3 - Deutsch        Adobe Systems Incorporated        07.07.2010        168,6MB        9.3.3
Agere Systems HDA Modem        Agere Systems        31.10.2009               
Airline Tycoon - Deluxe        Spellbound Entertainment AG        04.04.2010               
ASUS MultiFrame                31.10.2009                1.0.0017
ASUS Power4Gear eXtreme        ASUS        31.10.2009        7,15MB        1.0.19
ASUS Splendid Video Enhancement Technology        ASUS        31.10.2009        25,0MB        1.02.0021
Asus_Camera_ScreenSaver        ASUS        31.10.2009                2.0.0008
ATK Generic Function Service        ATK        31.10.2009                1.00.0008
ATK Hotkey        ASUS        31.10.2009        6,01MB        1.0.0038
ATK Media        ASUS        31.10.2009        0,18MB        2.0.0000
ATKOSD2        ASUS        31.10.2009        7,28MB        7.0.0001
Audacity 1.3.11 (Unicode)        Audacity Team        04.02.2010        32,8MB       
AVS Update Manager 1.0        Online Media Technologies Ltd.        04.12.2009               
AVS Video Converter 6        Online Media Technologies Ltd.        04.12.2009               
AVS4YOU Software Navigator 1.3        Online Media Technologies Ltd.        04.12.2009               
CCleaner        Piriform        15.07.2010                2.33
Cisco Systems VPN Client 5.0.07.0290        Cisco Systems, Inc.        06.06.2010        11,6MB        5.0.6
ClustalX2        University College Dublin        23.06.2010        13,2MB        2.0.12
DivX Plus Web Player        DivX,Inc.        08.01.2010                2.0.0
EndNote X3        Thomson Reuters        22.11.2009        75,3MB        13.0.0.4094
EPSON Copy Utility 3                04.02.2010                3.2.0.0
EPSON Scan                04.02.2010               
EPSON-Drucker-Software        SEIKO EPSON Corporation        09.11.2009               
FlatOut Ultimate Carnage        Empire Interactive        16.01.2010               
GTA2                22.06.2010                1.00.001
ImgBurn        LIGHTNING UK!        24.11.2009                2.5.0.0
Intel(R) Matrix Storage Manager        Intel Corporation        31.10.2009               
Intel(R) PROSet/Wireless WiFi-Software        Intel Corporation        31.10.2009        120,9MB        13.00.0000
ITECIR        ITE        31.10.2009                1.00.0000
Java(TM) 6 Update 15        Sun Microsystems, Inc.        03.12.2009        95,0MB        6.0.150
JDownloader        AppWork UG (haftungsbeschränkt)        03.12.2009                0.89
Left 4 Dead 2 - 2.0.0.8        hohesC        19.01.2010        76,4MB       
LSM Image Browser, Release 4.2                20.06.2010               
Malwarebytes' Anti-Malware        Malwarebytes Corporation        15.07.2010        8,51MB       
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        16.01.2010        28,4MB        1.2.0241
Microsoft Office Live Add-in 1.4        Microsoft Corporation        01.11.2009        0,49MB        2.0.3008.0
Microsoft Office Ultimate 2007        Microsoft Corporation        04.01.2010                12.0.6425.1000
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs        Microsoft Corporation        12.12.2009        0,13MB        12.0.4518.1014
Microsoft Security Essentials        Microsoft Corporation        14.07.2010                1.0.1963.0
Microsoft Silverlight        Microsoft Corporation        03.06.2010        60,8MB        4.0.50524.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        05.12.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        24.02.2010        2,38MB        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        02.11.2009        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        16.01.2010        1,42MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        01.11.2009        0,58MB        9.0.30729
Miranda Fusion 2.0.21        Miranda Fusion Team        30.03.2010        27,5MB        2.0.21
Mozilla Firefox (3.6.6)        Mozilla        14.07.2010                3.6.6 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        26.02.2010        47,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        26.02.2010        1,35MB        4.20.9876.0
MSXML 4.0 SP2 Parser und SDK        Microsoft Corporation        24.02.2010        1,24MB        4.20.9818.0
National Instruments-Software        National Instruments        12.06.2010               
Nimo Codecs Pack v5.0 (Remove Only)                19.01.2010               
Notepad++                23.06.2010                5.6.8
NVIDIA Drivers        NVIDIA Corporation        31.10.2009                1.9
NVIDIA PhysX        NVIDIA Corporation        31.10.2009        120,0MB        9.09.0428
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        31.10.2009                6.0.1.5864
ResearchSoft Direct Export Helper                22.11.2009               
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01                31.10.2009                3.55.01
Sandboxie 3.42                22.01.2010               
SigmaPlot 11.2.0        Systat Software, Inc.        26.01.2010        93,3MB        11.2.0
SUPER © Version 2010.bld.38 (May 2, 2010)        eRightSoft        23.06.2010                Version 2010.bld.38 (May 2, 2010)
SWiSH Max2                07.12.2009               
Synaptics Pointing Device Driver        Synaptics        31.10.2009                11.1.21.0
TeamSpeak 3 Client        TeamSpeak Systems GmbH        22.01.2010               
UltraStar Deluxe        USDX Team        12.05.2010                1.1beta
VirtualCloneDrive        Elaborate Bytes        16.01.2010               
VLC media player 1.0.3        VideoLAN Team        14.11.2009                1.0.3
WIDCOMM Bluetooth Software        Broadcom Corporation        31.10.2009        88,4MB        6.2.0.9600
Windows Live ID-Anmelde-Assistent        Microsoft Corporation        01.11.2009        5,52MB        6.500.3146.0
Windows Media Player Firefox Plugin        Microsoft Corp        01.11.2009        0,29MB        1.0.0.8
WinFlash                31.10.2009               
Wireless Console 2        ATK        31.10.2009                2.0.10
ZEN 2009 Light Edition        Carl Zeiss MicroImaging GmbH        20.06.2010        29,6MB        5.5.285
Gruß
Kraketsch

kira 17.07.2010 05:31
1.
→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
Tipps für die Suche nach Dateien
Code:
C:\Windows\system32\o6xhtaz.dll
C:\Windows\system32\prsgrc.dll
C:\Windows\system32\v4tu0r9.dll
C:\Windows\system32\grcauth1.dll
C:\Windows\system32\grcauth2.dll
→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:
Code:
Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        4.0.0.73        2009.01.28        -
AhnLab-V3        5.0.0.2        2009.01.28        -
AntiVir        7.9.0.60        2009.01.28        -
Authentium        5.1.0.4        2009.01.27        -

...über 40 Virenscannern...also Geduld!!
2.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:
Code:
C:\Qoobox
oder C:\ComboFix.txt

Kraketsch 17.07.2010 07:23
o6xhtaz.dll
Code:
File o6xhtaz.dll received on 2010.07.17 06:13:41 (UTC)
Antivirus        Version        Last Update        Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
SUPERAntiSpyware        4.40.0.1006        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 204 bytes
MD5  : 6ea9e93a2070bd540f886e21778f7be5
SHA1  : d1e0866f056279de156f88727da82fc94862bfff
SHA256: 8a1636d7f16d6ddb52ea1751e2731449c1f54e9f95780d654a9f3010b57a6618
TrID  : File type identification
file seems to be plain text/ASCII (0.0%)
ssdeep: 3:pCtw1IFA+yhYLFBlsPBqRZZpFRBFPBaGH8EGFvCkKqfGH8EGFvAHqXnv7tLQ1JLi:gI9+LLSP0RZV9BV+7ImW1acBa6GXQs
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
RDS  : NSRL Reference Data Set
-
prsgrc.dll
Code:
File prsgrc.dll received on 2010.07.17 06:12:33 (UTC)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 100 bytes
MD5...: fa96882b530ef0fd9eedd0900795091e
SHA1..: 54263c64829a5756fbdf8bf474029d718c119d91
SHA256: 3201bc0a2928fe5584e5b0a2937714e3ed50d1fb738b502f4981f7a88ea12a9f
ssdeep: 3:pCtw1IFA+ymspk12BssPBqRVVk3YDvxDv:gI9+1spk21P0RVVkI
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: file seems to be plain text/ASCII (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
v4tu0r9.dll
Code:
File v4tu0r9.dll received on 2010.07.17 06:11:03 (UTC)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
SUPERAntiSpyware        4.40.0.1006        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 1025 bytes
MD5...: 83699ff1c6d354118106387fd5a2900f
SHA1..: fff21c3b8b2a9b7d3d7226fc5e555eb56cff8fe7
SHA256: c7fb936414202012dd9c3c814153d6bc61d0bcce1ede227da3e33ff0d274b244
ssdeep: 6:qgG7JmxeP7qvcWdc2QleLuMbuxdX3C9adw+PNvHWn2wy:e7AC7FWK8uHVwUC2w
y
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
grcauth1.dll
Code:
File grcauth1.dll received on 2010.07.17 06:05:52 (UTC)

Result: 0/41 (0%)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 1025 bytes
MD5...: cd08e60c0a2928fecf9d9e67fb65eff9
SHA1..: 3536e6d38fdb693f903267808ac18b0ff0962e93
SHA256: f463e575526d3190866bd3dfaae269a4fa42332856c4acb12999d04ecdde5214
ssdeep: 6:r+6XCC7Jmx12AIvxG+0Wdc2QleLuMbuxdX3Cmadw+PNvVmF:r+yf7A72AoxG+0
WK8uHEwUVmF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
grcauth2.dll
Code:
File grcauth2.dll received on 2010.07.17 06:09:48 (UTC)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
SUPERAntiSpyware        4.40.0.1006        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 1025 bytes
MD5...: cd08e60c0a2928fecf9d9e67fb65eff9
SHA1..: 3536e6d38fdb693f903267808ac18b0ff0962e93
SHA256: f463e575526d3190866bd3dfaae269a4fa42332856c4acb12999d04ecdde5214
ssdeep: 6:r+6XCC7Jmx12AIvxG+0Wdc2QleLuMbuxdX3Cmadw+PNvVmF:r+yf7A72AoxG+0
WK8uHEwUVmF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Ich habe den Rechner nochmals mit MSE vollständig überprüft, nachdem ich Combofix ausgeführt hatte, dabei konnte MSE einiges entfernen. Eine weitere Überprüfung zeigte auch keine Ergebnisse.

C:\Combofix.txt
Code:
ComboFix 10-07-15.01 - Kraketsch 15.07.2010  22:10:01.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.3071.1909 [GMT 2:00]
ausgeführt von:: c:\users\Kraketsch\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kraketsch\AppData\Roaming\Xyyv
c:\users\Kraketsch\AppData\Roaming\Xyyv\utpi.exe
D:\install.exe
F:\install.exe

Infizierte Kopie von c:\windows\system32\DRIVERS\vdrvroot.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-15 bis 2010-07-15  ))))))))))))))))))))))))))))))
.

2010-07-15 20:15 . 2010-07-15 20:17        --------        d-----w-        c:\users\Kraketsch\AppData\Local\temp
2010-07-15 20:15 . 2010-07-15 20:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-15 19:23 . 2010-07-15 19:23        --------        d-----w-        c:\program files\Microsoft Security Essentials
2010-07-15 15:21 . 2010-07-15 15:21        126024        ----a-w-        c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\exami.exe
2010-07-08 08:58 . 2009-07-14 01:16        62976        ----a-w-        c:\users\Kraketsch\AppData\Local\wolagp.dll
2010-06-24 16:17 . 2010-06-24 16:18        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Notepad++
2010-06-24 16:17 . 2010-06-24 16:17        --------        d-----w-        c:\program files\Notepad++
2010-06-24 13:47 . 2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
2010-06-24 13:47 . 2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2010-06-24 13:47 . 2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2010-06-24 07:51 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-06-24 07:51 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-06-24 07:51 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-06-24 07:51 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-06-24 07:51 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-06-23 15:26 . 2010-06-23 15:26        --------        d-----w-        c:\program files\directx
2010-06-23 12:30 . 2010-06-24 14:01        --------        d-----w-        c:\programdata\SWiSHMax2WorkFolder
2010-06-21 17:02 . 2010-06-21 17:02        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Carl Zeiss
2010-06-21 17:01 . 2010-06-21 17:01        --------        d-----w-        c:\program files\Common Files\Carl Zeiss
2010-06-21 16:53 . 2007-01-14 20:45        368912        ----a-w-        c:\windows\system32\VBAR332.DLL
2010-06-21 16:53 . 2007-01-14 20:45        252176        ----a-w-        c:\windows\system32\MSRD2X35.DLL
2010-06-21 16:53 . 2007-01-14 20:45        24848        ----a-w-        c:\windows\system32\msjter35.dll
2010-06-21 16:53 . 2007-01-14 20:45        123664        ----a-w-        c:\windows\system32\msjint35.dll
2010-06-21 16:53 . 2007-01-14 20:45        1045776        ----a-w-        c:\windows\system32\msjet35.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 20:17 . 2009-11-02 18:45        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2010-07-15 20:13 . 2009-07-14 08:47        647376        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-15 20:13 . 2009-07-14 08:47        127404        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-15 19:54 . 2010-01-07 10:17        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Anzo
2010-07-10 08:56 . 2009-11-15 14:27        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\vlc
2010-07-10 08:47 . 2009-12-04 16:02        --------        d-----w-        c:\program files\JDownloader
2010-06-24 13:14 . 2010-02-05 17:50        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\Audacity
2010-06-23 15:26 . 2009-11-01 16:53        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-06-21 19:03 . 2009-11-01 16:27        109600        ----a-w-        c:\users\Kraketsch\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-21 17:01 . 2009-11-01 16:24        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-06-13 12:29 . 2010-06-13 12:09        --------        d-----w-        c:\programdata\National Instruments
2010-06-13 12:15 . 2010-06-13 12:12        --------        d-----w-        c:\program files\Common Files\Merge Modules
2010-06-12 14:13 . 2009-11-02 17:51        --------        d-----w-        c:\programdata\Microsoft Help
2010-06-07 19:05 . 2010-06-07 19:05        --------        d-----w-        c:\program files\Common Files\Deterministic Networks
2010-06-04 16:14 . 2009-11-02 18:28        --------        d-----w-        c:\program files\Microsoft Silverlight
2010-06-02 12:18 . 2010-06-02 12:18        --------        d-----w-        c:\users\Kraketsch\AppData\Roaming\.sane
2010-05-30 11:16 . 2009-11-18 21:29        --------        d-----w-        c:\program files\7-Zip
2010-05-27 07:24 . 2010-06-12 11:25        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-12 11:25        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-11-01 16:44        221568        ------w-        c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-12 11:25        977920        ----a-w-        c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-12 11:25        2326528        ----a-w-        c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-05-29 11:56        2048        ----a-w-        c:\windows\system32\tzres.dll
2007-02-08 08:48 . 2007-02-08 08:48        133920        ----a-w-        c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 12:50 . 2008-12-10 12:50        118784        ----a-w-        c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2010-06-24 13:47        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-06-24 13:47        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-06-24 13:47        216064        --sh--r-        c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-12-01 389120]
"Miranda Fusion"="c:\program files\MirandaFusion\mfstart.exe" [2010-02-14 918788]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-02 7518752]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1206544]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-24 159744]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-11-01 47672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5082488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-6-7 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R1 MpKsla022f17a;MpKsla022f17a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68EFD88C-1C06-4D0B-B823-3A4F30588B65}\MpKsla022f17a.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-01 29472]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 211216]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2009-11-04 902432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-11-04 2326920]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-11-04 159168]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv86win32.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-{E6471645-544E-428A-86CB-6F4CAC87AFC0} - c:\users\Kraketsch\AppData\Roaming\Xyyv\utpi.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3572)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\National Instruments\MAX\nimxs.exe
d:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
d:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\windows\system32\taskhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft Security Essentials\MpCmdRun.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\MirandaFusion\miranda32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\MirandaFusion\mfwd.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-15  22:20:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-15 20:20

Vor Suchlauf: 10 Verzeichnis(se), 74.309.558.272 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 74.808.725.504 Bytes frei

- - End Of File - - 747ACCA4D6123385A8233314E3706833

kira 20.07.2010 09:15
Bevor wir nun loslegen mit der Reinigung,laden wir die unbekannten Dateien hoch, damit sie von den AV-Programm-Herstellern in die Signaturen aufgenommen werden können bzw zur weitere Analyse:

Datei Upload
C:\Windows\system32\o6xhtaz.dll
C:\Windows\system32\prsgrc.dll
C:\Windows\system32\v4tu0r9.dll
C:\Windows\system32\grcauth1.dll
C:\Windows\system32\grcauth2.dll
  • Gib im Kommentarfeld Folgendes an:
  • "Unknown file"
  • diese Information:
Code:
File o6xhtaz.dll received on 2010.07.17 06:13:41 (UTC)
Antivirus        Version        Last Update        Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
SUPERAntiSpyware        4.40.0.1006        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 204 bytes
MD5  : 6ea9e93a2070bd540f886e21778f7be5
SHA1  : d1e0866f056279de156f88727da82fc94862bfff
SHA256: 8a1636d7f16d6ddb52ea1751e2731449c1f54e9f95780d654a9f3010b57a6618
TrID  : File type identification
file seems to be plain text/ASCII (0.0%)
ssdeep: 3:pCtw1IFA+yhYLFBlsPBqRZZpFRBFPBaGH8EGFvCkKqfGH8EGFvAHqXnv7tLQ1JLi:gI9+LLSP0RZV9BV+7ImW1acBa6GXQs
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD  : -
RDS  : NSRL Reference Data Set
-


File prsgrc.dll received on 2010.07.17 06:12:33 (UTC)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 100 bytes
MD5...: fa96882b530ef0fd9eedd0900795091e
SHA1..: 54263c64829a5756fbdf8bf474029d718c119d91
SHA256: 3201bc0a2928fe5584e5b0a2937714e3ed50d1fb738b502f4981f7a88ea12a9f
ssdeep: 3:pCtw1IFA+ymspk12BssPBqRVVk3YDvxDv:gI9+1spk21P0RVVkI
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: file seems to be plain text/ASCII (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


File v4tu0r9.dll received on 2010.07.17 06:11:03 (UTC)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
SUPERAntiSpyware        4.40.0.1006        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 1025 bytes
MD5...: 83699ff1c6d354118106387fd5a2900f
SHA1..: fff21c3b8b2a9b7d3d7226fc5e555eb56cff8fe7
SHA256: c7fb936414202012dd9c3c814153d6bc61d0bcce1ede227da3e33ff0d274b244
ssdeep: 6:qgG7JmxeP7qvcWdc2QleLuMbuxdX3C9adw+PNvHWn2wy:e7AC7FWK8uHVwUC2w
y
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


File grcauth1.dll received on 2010.07.17 06:05:52 (UTC)

Result: 0/41 (0%)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 1025 bytes
MD5...: cd08e60c0a2928fecf9d9e67fb65eff9
SHA1..: 3536e6d38fdb693f903267808ac18b0ff0962e93
SHA256: f463e575526d3190866bd3dfaae269a4fa42332856c4acb12999d04ecdde5214
ssdeep: 6:r+6XCC7Jmx12AIvxG+0Wdc2QleLuMbuxdX3Cmadw+PNvVmF:r+yf7A72AoxG+0
WK8uHEwUVmF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


File grcauth2.dll received on 2010.07.17 06:09:48 (UTC)
Antivirus          Version          Last Update          Result
a-squared        5.0.0.31        2010.07.16        -
AhnLab-V3        2010.07.17.00        2010.07.16        -
AntiVir        8.2.4.12        2010.07.16        -
Antiy-AVL        2.0.3.7        2010.07.15        -
Authentium        5.2.0.5        2010.07.17        -
Avast        4.8.1351.0        2010.07.16        -
Avast5        5.0.332.0        2010.07.16        -
AVG        9.0.0.836        2010.07.16        -
BitDefender        7.2        2010.07.17        -
CAT-QuickHeal        11.00        2010.07.16        -
ClamAV        0.96.0.3-git        2010.07.17        -
Comodo        5451        2010.07.16        -
DrWeb        5.0.2.03300        2010.07.17        -
eSafe        7.0.17.0        2010.07.15        -
eTrust-Vet        36.1.7715        2010.07.16        -
F-Prot        4.6.1.107        2010.07.17        -
F-Secure        9.0.15370.0        2010.07.17        -
Fortinet        4.1.143.0        2010.07.16        -
GData        21        2010.07.17        -
Ikarus        T3.1.1.84.0        2010.07.16        -
Jiangmin        13.0.900        2010.07.17        -
Kaspersky        7.0.0.125        2010.07.17        -
McAfee        5.400.0.1158        2010.07.17        -
McAfee-GW-Edition        2010.1        2010.07.16        -
Microsoft        1.6004        2010.07.17        -
NOD32        5285        2010.07.16        -
Norman        6.05.11        2010.07.16        -
nProtect        2010-07-17.01        2010.07.17        -
Panda        10.0.2.7        2010.07.16        -
PCTools        7.0.3.5        2010.07.17        -
Prevx        3.0        2010.07.17        -
Rising        22.56.04.04        2010.07.16        -
Sophos        4.55.0        2010.07.17        -
Sunbelt        6596        2010.07.17        -
SUPERAntiSpyware        4.40.0.1006        2010.07.17        -
Symantec        20101.1.1.7        2010.07.17        -
TheHacker        6.5.2.1.318        2010.07.16        -
TrendMicro        9.120.0.1004        2010.07.16        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.17        -
VBA32        3.12.12.6        2010.07.16        -
ViRobot        2010.7.12.3932        2010.07.17        -
VirusBuster        5.0.27.0        2010.07.16        -
Additional information
File size: 1025 bytes
MD5...: cd08e60c0a2928fecf9d9e67fb65eff9
SHA1..: 3536e6d38fdb693f903267808ac18b0ff0962e93
SHA256: f463e575526d3190866bd3dfaae269a4fa42332856c4acb12999d04ecdde5214
ssdeep: 6:r+6XCC7Jmx12AIvxG+0Wdc2QleLuMbuxdX3Cmadw+PNvVmF:r+yf7A72AoxG+0
WK8uHEwUVmF
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
  • Drücke nun auf den Button "Send File"
  • **Damit wir mit dem nächsten Schritt fortfahren können, teile uns mit, ob es dir gelungen ist, die Datei/en hochzuladen.
    .

Kraketsch 20.07.2010 09:51
Hallo,
habe die Dateien erfolgreich hochladen können:
Code:
Your file (o6xhtaz.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (prsgrc.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (v4tu0r9.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (grcauth1.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (grcauth2.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

kira 20.07.2010 11:15
1.
Malwarebytes Anti-Malware - bitte aus dem Autostart herausnehmen!:
- den Autostart-Programmen zu gelangen: "Start-> Alle Programme-> Autostart...Reiter "Systemstart"
- oder "Programme-> Dateien durchsuchen-> im Startmenü schreibst Du "msconfig" rein und wählst Du den "Systemstart" aus
- auch Ccleaner kann dabei helfen:
starten-> Extras-> Autostart...

2.
Zitat:
**Vor dem Löschen temporärer Dateien sollte man unbedingt alle Anwendungen beenden!
**lösche nur den Inhalt der Ordner, nicht die Ordner selbst!
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind,nicht löschbar.
Temp Ordner leeren:
C:\Users\xxxxx\AppData\Local\Temp--> lösche nur den Inhalt der Ordner, nicht die Ordner selbst
oder klicke auf Start-> Suche-> %temp% reinschreiben...

3.
Öffne CCleaner
  • "Cleaner"-->"Analysieren"-->Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"--> "Fehler beheben"-->"Alle beheben"
  • Starte dein System neu auf

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung...(Update 21 schon fällig!)

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Also alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird.
Außerdem kann man die Autostarteigenschaft auch ausschalten:
Windows-Sicherheit: Datenträger-Autorun deaktivieren- bebilderte Anleitung v.Leonidas/3dcenter.org
Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten/wintotal.de
→ Diese Silly -Beschreibung stützt die Annahme, dass er über einen USB-Stick kam. Die Ursache ist durch formatieren des Sticks aus der Welt geschafft, Du solltest darauf achten, dass dort keine Datei autorun.inf wieder auftaucht und etwas wählerisch sein, wo Du deinen Stick reinsteckst.

→ Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner/klicke hier
→ um mit dem Vorgang fortzufahren klicke auf "Accept"
→ dann wähle "My computer" aus - Es dauert einige Zeit, bis ein Komplett-Scan durch gelaufen ist, also bitte um Geduld!
Es kann einige Zeit dauern, bis der Scan abgeschlossen ist - je nach Größe der Festplatte eine oder mehrere Stunden - also Geduld...
→ Report angezeigt, klicke auf "Save as" - den bitte kopieren und in deinem Thread hier einfügen
Vor dem Scan Einstellungen im Internet Explorer:
→ "Extras→ InternetoptionenSicherheit":
→ alles auf Standardstufe stellen
Active X erlauben - damit die neue Virendefinitionen installiert werden können

7.
poste erneut - nach der vorgenommenen Reinigungsaktion:
► TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
► hjtscanlist v2.0 - Dateiliste

Kraketsch 22.07.2010 06:29
1.
Habe versucht Malwarebytes aus dem Autostart zu entfernen, war aber wohl schon weg, habe es nicht gefunden.

2.
Alles Dateien gelöscht, bis auf die Ordner.

3.
Alle Fehler behoben und System neu gestartet.

4. Hier der SuperAntipyware Report Teil I (wegen der 10k Zeichengrenze):
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2010 at 04:07 PM

Application Version : 4.40.1002

Core Rules Database Version : 5233
Trace Rules Database Version: 3045

Scan type      : Complete Scan
Total Scan Time : 00:52:59

Memory items scanned      : 858
Memory threats detected  : 0
Registry items scanned    : 11236
Registry threats detected : 0
File items scanned        : 54831
File threats detected    : 885

Adware.Tracking Cookie
        ad.zanox.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .doubleclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adtech.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zanox-affiliate.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .atdmt.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.zanox.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.zanox.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zanox.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tto2.traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .komtrack.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.zanox-affiliate.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .googleadservices.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adbrite.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adbrite.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.zanox-affiliate.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.zanox-affiliate.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.usenext.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adbrite.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adserver.71i.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .usenext.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .imrworldwide.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .imrworldwide.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .apmebf.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .apmebf.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adopt.euroclick.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .media6degrees.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .media6degrees.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .bs.serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .yadro.ru [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .media6degrees.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .media6degrees.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .media6degrees.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .burstnet.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .burstnet.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        statse.webtrendslive.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .partypoker.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .partypoker.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eas.apm.emediate.eu [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .mediaplex.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rotator.adjuggler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rotator.adjuggler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adsrv.admediate.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adsrv.admediate.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ice.112.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.performance-adserver.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .doubleclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .mediaplex.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        data.coremetrics.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .sevenoneintermedia.112.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a2.adserver01.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .chitika.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .weborama.fr [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .xiti.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .weborama.fr [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .weborama.fr [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .kontera.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .kontera.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euros4click.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .im.banner.t-online.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eas.apm.emediate.eu [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tacoda.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tacoda.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tacoda.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .at.atwola.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .at.atwola.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a2.adserver01.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euros4click.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euros4click.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .247realmedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .247realmedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ad.adnet.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ad.adnet.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.euros4click.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euroclick.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .www.traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertstream.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertstream.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertstream.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adviva.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adviva.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adtech.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.adition.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.adition.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www5.addfreestats.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .atdmt.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .collective-media.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertstream.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertstream.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .atdmt.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .atwola.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zedo.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .www.traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eas.apm.emediate.eu [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .burstnet.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .www.traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        server.cpmstar.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .eaeacom.112.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webstats4u.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .cyonix.to [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .videoegg.adbureau.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .www.traffictrack.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .track.webgains.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .at.atwola.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .kontera.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zedo.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clicksor.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clicksor.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adsrv1.admediate.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webstats4u.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .bluestreak.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .roitracking.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.sitestat.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.mindshare.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .partypoker.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.partypoker.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .pro-market.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        go.dynamic-tracking.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .questionmarket.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.sitestat.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .pointroll.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clickbank.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .microsoftsto.112.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        cdn5.specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        cdn5.specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.asustreiber.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .interclick.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .interclick.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .game-advertising-online.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .divx.112.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clickandload.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clickandload.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clickandload.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clickandload.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clickandload.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .clickandload.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .track.webgains.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stan.xxxturbo.biz [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .vodafonegroup.122.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traditionalmusic.co.uk [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traditionalmusic.co.uk [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.active-tracking.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.active-tracking.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.active-tracking.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertstream.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adserver.adtechus.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.highfi-stats.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.highfi-stats.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        s03.flagcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ddl-warez.org [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ddl-warez.org [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.ads-mall.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        advertiser.contextmatters.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rts.pgmediaserve.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rts.pgmediaserve.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rts.pgmediaserve.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rts.pgmediaserve.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adbrite.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .hookedmediagroup.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .hookedmediagroup.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.750industries.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.750industries.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.750industries.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euros4click.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.soundtrack-board.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.soundtrack-board.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .soundtrack-board.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .soundtrack-board.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .soundtrack-board.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adserver.adreactor.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .overture.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .overture.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.partypoker.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .overture.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.etracker.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        nedstat.hostelbookers.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        nedstat.hostelbookers.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adserver.jugendherberge.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .media.photobucket.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .mmedia.t134.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        server.iad.liveperson.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        server.iad.liveperson.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adx.chip.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .realmedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .trafficmp.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .trafficmp.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .trafficmp.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .azjmp.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.usenext.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adservern.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www7.addfreestats.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        s3.trafficmaxx.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.trafficmaxx.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adserv.quality-channel.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .msnportal.112.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adtech.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .uk.at.atwola.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adserver.adremedy.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        metroleap.rotator.hadj7.adjuggler.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        metroleap.rotator.hadj7.adjuggler.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        dc.tremormedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .komtrack.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adserver.kino-zeit.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .aimfar.solution.weborama.fr [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .oxygen-warez.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .oxygen-warez.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adrevolver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adrevolver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        media.adrevolver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.quisma.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zedo.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.googleadservices.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.googleadservices.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .agofev.122.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adfarm1.adition.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        server.lon.liveperson.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        server.lon.liveperson.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .valueclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.trackingcenter.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .toplist.cz [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.googleadservices.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.mindshare.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stats.searchtrack.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stats.searchtrack.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stats.searchtrack.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stats.searchtrack.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stats.searchtrack.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stats.searchtrack.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        stats.searchtrack.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webstats4u.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.etracker.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        openxxx.viragemedia.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        fl01.ct2.comclick.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        fl01.ct2.comclick.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .server.cpmstar.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .server.cpmstar.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .content.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zedo.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tripod.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tripod.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .wissende.122.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .guj.122.2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euros4click.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euros4click.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .himedia.individuad.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .himedia.individuad.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.smartadserver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .viacom.adbureau.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .viacom.adbureau.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .viacom.adbureau.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .questionmarket.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        gr.burstnet.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tacoda.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adfarm1.adition.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        top-hitz.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .top-hitz.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .top-hitz.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.cyonix.to [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.cyonix.to [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        vote4warez.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .cyonix.to [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.alternads.info [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        logging.ourstats.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.etracker.de [ C:\Sandbox\Kraketsch\DefaultBox\user\current\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        cdn5.specificclick.net [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SQ69WHXG ]
        acvs.mediaonenetwork.net [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        cdn1.eyewonder.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        cdn4.specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        cdn5.specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        enterotracker.de [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        googleads.g.doubleclick.net [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        interclick.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        kunden.wundermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        media.jambocast.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        media.scanscout.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        media.socialvibe.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        media01.kyte.tv [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        media1.break.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        msnbcmedia.msn.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        naiadsystems.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        pornoprinzen.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        video.unrulymedia.com [ E:\Users\Kraketsch\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\X7RK6D5F ]
        E:\Users\Kraketsch\AppData\Roaming\Microsoft\Windows\Cookies\kraketsch@eaeacom.112.2o7[1].txt
        E:\Users\Kraketsch\AppData\Roaming\Microsoft\Windows\Cookies\kraketsch@www.mediasoftwareapps[1].txt
        E:\Users\Kraketsch\AppData\Roaming\Microsoft\Windows\Cookies\Low\kraketsch@atdmt[2].txt
        E:\Users\Kraketsch\AppData\Roaming\Microsoft\Windows\Cookies\Low\kraketsch@xxx.nightclub[2].txt
        .doubleclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adtech.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .atdmt.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.zanox.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.zanox.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tto2.traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .googleadservices.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adbrite.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adbrite.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.zanox-affiliate.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.zanox-affiliate.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertising.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webmasterplan.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adserver.71i.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .usenext.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .imrworldwide.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .imrworldwide.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .apmebf.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .apmebf.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ad.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adopt.euroclick.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .bs.serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .casalemedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .yadro.ru [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .burstnet.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .burstnet.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        statse.webtrendslive.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .partypoker.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eas.apm.emediate.eu [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .mediaplex.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rotator.adjuggler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rotator.adjuggler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adsrv.admediate.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adsrv.admediate.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ice.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.performance-adserver.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .doubleclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .mediaplex.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        data.coremetrics.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .sevenoneintermedia.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        zbox.zanox.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a2.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .chitika.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .weborama.fr [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .xiti.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .cz8.clickzs.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .cz8.clickzs.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .kontera.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .kontera.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.quartermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .im.banner.t-online.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smartadserver.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eas.apm.emediate.eu [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tacoda.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tacoda.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .at.atwola.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fastclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a2.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euros4click.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .247realmedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .247realmedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .trafficmp.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .trafficmp.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.sitestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox

Kraketsch 22.07.2010 06:30
Teil II:
Code:
\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.adservex.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ad.adnet.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ad.adnet.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.euros4click.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .euroclick.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adviva.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adviva.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.adition.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.adition.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www5.addfreestats.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .atdmt.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .collective-media.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .advertstream.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a6.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        waldemartraffic.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        in.bubblestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .atdmt.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a6.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zedo.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .media.photobucket.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eas.apm.emediate.eu [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .burstnet.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adultadworld.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tracking.3gnet.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .www.traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .party-discount.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www7.addfreestats.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        server.cpmstar.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .eaeacom.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tribalfusion.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a9.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tsprotraffic.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .oxygen-warez.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a6.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ddl-warez.org [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webstats4u.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .cyonix.to [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .msnbc.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .xm.xtendmedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .videoegg.adbureau.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eulge.acecounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eulge.acecounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .lgeeurope.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .mediafire.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .mediafire.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .skype.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .msnaccountservices.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.webtrekk.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.smartadserver.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .fr.at.atwola.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.webtrekk.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.sitestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.sitestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .kunden.wundermedia.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .azjmp.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .azjmp.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smileycentral.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .smileycentral.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.ad-track.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a3.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .www.traffictrack.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        c.trafficed.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.webtrekk.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .eb.adbureau.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adrevolver.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adrevolver.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        media.adrevolver.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .track.webgains.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.bigtracker.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .valueclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        it.sitestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        it.sitestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rm.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rm.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        rm.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adinterax.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .adinterax.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .wlw.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .n4061ad.de.doubleclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .medialand.ru [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .medialand.ru [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .medialand.ru [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .at.atwola.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        secure.partyaccount.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .partyaccount.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .kontera.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zedo.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .guj.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        webstats.liberale.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .statcounter.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .bubblestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www8.addfreestats.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .stats.adbrite.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        counter.hitslink.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .partygaming.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .stats.citypromedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .paypal.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .countomat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        eas4.emediate.eu [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .trackalyzer.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adsrv1.admediate.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .wissende.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .webstats4u.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ehg-illumina.hitbox.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .hitbox.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .bluestreak.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .roitracking.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.sitestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        beacons.hottraffic.nl [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.publicidees.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.publicidees.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.publicidees.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .cunda.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .agofev.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adserver.sevenload.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .microsoftoffice.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .revsci.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .serving-sys.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .partypoker.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.partypoker.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .deutschepostag.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .comparenetworks.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .cbs.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        cdn4.specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        cdn4.specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        track.webtrekk.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a6.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.klicktel.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.klicktel.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .edsa.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificmedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .pro-market.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        adserv.chirurgie-portal.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.yieldmanager.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .bravenet.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .bravenet.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .questionmarket.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .questionmarket.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        de.sitestat.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .ads.pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .pointroll.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.quisma.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .microsoftsto.112.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        cdn5.specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        cdn5.specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        tracking.asustreiber.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        a7.adserver01.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .vodafonegroup.122.2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .2o7.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .invitemedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .invitemedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .invitemedia.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .tradedoubler.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        ad.zanox.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .zanox.com [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        www.etracker.de [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]
        .specificclick.net [ E:\Users\Kraketsch\AppData\Roaming\Mozilla\Firefox\Profiles\5ni5i71o.default\cookies.sqlite ]

5.
Java ist bereits auf dem aktuellsten Stand wird angezeigt,

6.
Hier der Kaspersky Onlinescanner Report (er war wohl Fündug!):
Code:
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 22, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, July 21, 2010 11:32:38
Records in database: 4232069
Scan settings
scan using the following database        extended
Scan archives        yes
Scan e-mail databases        yes
Scan area        My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Objects scanned        347473
Threats found        2
Infected objects found        3
Suspicious objects found        0
Scan duration        06:26:09

File name        Threat        Threats count
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\exami.exe        Infected: Trojan-Spy.Win32.Zbot.almf        1       
E:\Users\Kraketsch\AppData\Roaming\Thunderbird\Profiles\26hqet1h.default\Mail\Local Folders\Inbox        Infected: Backdoor.Win32.Bredolab.aue        1       
E:\Users\Kraketsch\AppData\Roaming\Thunderbird\Profiles\26hqet1h.default\Mail\Local Folders\Trash        Infected: Backdoor.Win32.Bredolab.aue        1       
Selected area has been scanned.
7.HijackThis
[Code]
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:19:57, on 22.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Kraketsch\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\mfstart.exe
O4 - .DEFAULT User Startup: exami.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - D:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - D:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 10690 bytes
--- --- ---


hitscanlist
Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

  21.07.2010 08:35    C:\System Volume Information --------- 4096 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  20.07.2010 15:10    C:\ProgramData --------- 8192 
  20.07.2010 15:10    C:\Program Files --------- 20480 
  20.07.2010 15:07    C:\Windows --------- 28672 
  16.07.2010 08:33    C:\ComboFix --------- 49152 
  15.07.2010 22:20    C:\ComboFix.txt --------- 18291 
  15.07.2010 22:17    C:\$RECYCLE.BIN --------- 0 
  23.01.2010 18:32    C:\Sandbox --------- 0 
  20.11.2009 16:14    C:\AIM --------- 0 
  02.11.2009 19:51    C:\MSOCache --------- 0 
  01.11.2009 22:38    C:\MSDOS.SYS --------- 0 
  01.11.2009 22:38    C:\IO.SYS --------- 0 
  01.11.2009 19:06    C:\Intel --------- 0 
  01.11.2009 18:23    C:\NVIDIA --------- 0 
  01.11.2009 12:30    C:\Users --------- 4096 
  01.11.2009 12:30    C:\Recovery --------- 0 
  01.11.2009 12:30    C:\Programme --------- 0 
  01.11.2009 12:30    C:\Dokumente und Einstellungen --------- 0 
  14.07.2009 06:53    C:\Documents and Settings --------- 0 
  14.07.2009 04:37    C:\PerfLogs --------- 0 
  10.06.2009 23:42    C:\config.sys --------- 10 
  10.06.2009 23:42    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  22.07.2010 07:07    C:\Windows\bootstat.dat --------- 67584 
  22.07.2010 07:12    C:\Windows\WindowsUpdate.log --------- 1306882 
  20.07.2010 16:28    C:\Windows\setupact.log --------- 112 
  20.07.2010 15:07    C:\Windows\setuperr.log --------- 0 
  17.07.2010 09:59    C:\Windows\Setup1.exe --------- 249856 
  17.07.2010 09:59    C:\Windows\ST6UNST.EXE --------- 73216 
  15.07.2010 22:17    C:\Windows\system.ini --------- 215 
  23.06.2010 16:51    C:\Windows\Sandboxie.ini --------- 1588 
  07.06.2010 21:05    C:\Windows\VPNInstall.MIF --------- 1594 
  07.06.2010 21:01    C:\Windows\VPNUnInstall.MIF --------- 1594 
  25.02.2010 10:24    C:\Windows\Menu.INI --------- 32 
  22.02.2010 00:55    C:\Windows\LPLAY.INI --------- 670 
  05.01.2010 16:37    C:\Windows\win.ini --------- 478 
  25.11.2009 15:28    C:\Windows\diagwrn.xml --------- 2562 
  25.11.2009 15:28    C:\Windows\diagerr.xml --------- 1908 
  02.11.2009 19:02    C:\Windows\nsreg.dat --------- 0 
  01.11.2009 22:36    C:\Windows\ATKPF.ini --------- 24 
  01.11.2009 20:54    C:\Windows\AsScrProlog.exe --------- 47672 
  01.11.2009 20:54    C:\Windows\ASUS Camera ScreenSaver.exe --------- 4814371 
  01.11.2009 20:54    C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe --------- 281144 
  31.10.2009 07:45    C:\Windows\explorer.exe --------- 2614272 
  14.07.2009 06:41    C:\Windows\WindowsShell.Manifest --------- 749 
  14.07.2009 03:16    C:\Windows\twain_32.dll --------- 51200 
  14.07.2009 03:14    C:\Windows\write.exe --------- 9216 
  14.07.2009 03:14    C:\Windows\winhlp32.exe --------- 9728 
  14.07.2009 03:14    C:\Windows\twunk_32.exe --------- 31232 
  14.07.2009 03:14    C:\Windows\regedit.exe --------- 398336 
  14.07.2009 03:14    C:\Windows\notepad.exe --------- 179712 
  14.07.2009 03:14    C:\Windows\hh.exe --------- 15360 
  14.07.2009 03:14    C:\Windows\HelpPane.exe --------- 497152 
  14.07.2009 03:14    C:\Windows\fveupdate.exe --------- 13824 
  14.07.2009 03:14    C:\Windows\bfsvc.exe --------- 65024 
  14.07.2009 00:58    C:\Windows\mib.bin --------- 43131 
  10.06.2009 23:42    C:\Windows\_default.pif --------- 707 
  10.06.2009 23:42    C:\Windows\winhelp.exe --------- 256192 
  10.06.2009 23:41    C:\Windows\twunk_16.exe --------- 49680 
  10.06.2009 23:41    C:\Windows\twain.dll --------- 94784 
  10.06.2009 23:34    C:\Windows\WMSysPr9.prx --------- 316640 
  10.06.2009 23:19    C:\Windows\msdfmap.ini --------- 1405 
  10.06.2009 23:14    C:\Windows\Starter.xml --------- 48201 
  10.06.2009 23:14    C:\Windows\Professional.xml --------- 53551 
  16.04.2009 18:23    C:\Windows\RtlExUpd.dll --------- 540672 
  28.03.2008 07:47    C:\Windows\agrsmdel.exe --------- 54824 
  29.03.2004 16:23    C:\Windows\unvise32.exe --------- 90112 
----------------------------------------

 
C:\Windows\System

 13.07.2009 23:41      C:\Windows\System\OLESVR.DLL --------- 24064
 13.07.2009 23:41      C:\Windows\System\WFWNET.DRV --------- 12704
 13.07.2009 23:41      C:\Windows\System\COMMDLG.DLL --------- 32816
 13.07.2009 23:41      C:\Windows\System\TIMER.DRV --------- 4048
 13.07.2009 23:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 13.07.2009 23:41      C:\Windows\System\mmtask.tsk --------- 1152
 13.07.2009 23:41      C:\Windows\System\mouse.drv --------- 2032
 13.07.2009 23:41      C:\Windows\System\vga.drv --------- 2176
 13.07.2009 23:41      C:\Windows\System\sound.drv --------- 1744
 13.07.2009 23:41      C:\Windows\System\keyboard.drv --------- 2000
 13.07.2009 23:41      C:\Windows\System\SHELL.DLL --------- 5120
 13.07.2009 23:41      C:\Windows\System\system.drv --------- 3360
 10.06.2009 23:42      C:\Windows\System\ver.dll --------- 9008
 10.06.2009 23:42      C:\Windows\System\olecli.dll --------- 82944
 10.06.2009 23:42      C:\Windows\System\lzexpand.dll --------- 9936
 10.06.2009 23:25      C:\Windows\System\stdole.tlb --------- 5532
 10.06.2009 23:21      C:\Windows\System\msvideo.dll --------- 126912
 10.06.2009 23:21      C:\Windows\System\mciwave.drv --------- 28160
 10.06.2009 23:21      C:\Windows\System\mciseq.drv --------- 25264
 10.06.2009 23:21      C:\Windows\System\mciavi.drv --------- 73376
 10.06.2009 23:21      C:\Windows\System\avifile.dll --------- 109456
 10.06.2009 23:21      C:\Windows\System\avicap.dll --------- 69584
----------------------------------------

 
C:\Windows\System32

 22.07.2010 03:48    C:\Windows\system32\config --------- 12288 
 20.07.2010 18:51    C:\Windows\system32\perfh009.dat --------- 610094 
 20.07.2010 18:51    C:\Windows\system32\perfc009.dat --------- 104412 
 20.07.2010 18:51    C:\Windows\system32\perfh007.dat --------- 647376 
 20.07.2010 18:51    C:\Windows\system32\perfc007.dat --------- 127404 
 20.07.2010 18:51    C:\Windows\system32\PerfStringBackup.INI --------- 1480602 
 20.07.2010 16:35    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13248 
 20.07.2010 16:35    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13248 
 20.07.2010 05:58    C:\Windows\system32\acovcnt.exe --------- 45056 
 17.07.2010 10:01    C:\Windows\system32\temp.003 --------- 30749 
 17.07.2010 10:01    C:\Windows\system32\temp.002 --------- 380445 
 16.07.2010 23:33    C:\Windows\system32\drivers --------- 65536 
 16.07.2010 23:31    C:\Windows\system32\catroot --------- 4096 
 16.07.2010 23:31    C:\Windows\system32\DriverStore --------- 4096 
 16.07.2010 23:29    C:\Windows\system32\javaws.exe --------- 153376 
 16.07.2010 23:29    C:\Windows\system32\javaw.exe --------- 145184 
 16.07.2010 23:29    C:\Windows\system32\java.exe --------- 145184 
 16.07.2010 23:29    C:\Windows\system32\deployJava1.dll --------- 423656 
 16.07.2010 23:07    C:\Windows\system32\catroot2 --------- 12288 
 16.07.2010 12:43    C:\Windows\system32\restore --------- 0 
 02.07.2010 21:39    C:\Windows\system32\MRT.exe --------- 34045896 
 22.06.2010 15:13    C:\Windows\system32\wdi --------- 4096 
 22.06.2010 08:46    C:\Windows\system32\FNTCACHE.DAT --------- 2337488 
 13.06.2010 14:12    C:\Windows\system32\cvirte --------- 0 
 12.06.2010 21:22    C:\Windows\system32\migration --------- 0 
 01.06.2010 19:37    C:\Windows\system32\MpSigStub.exe --------- 221568 
 29.05.2010 17:38    C:\Windows\system32\de-DE --------- 327680 
 27.05.2010 09:24    C:\Windows\system32\atmlib.dll --------- 34304 
 27.05.2010 05:49    C:\Windows\system32\atmfd.dll --------- 293888 
 21.05.2010 07:18    C:\Windows\system32\wininet.dll --------- 977920 
 21.05.2010 07:14    C:\Windows\system32\jsproxy.dll --------- 48128 
 16.05.2010 15:59    C:\Windows\system32\NDF --------- 0 
 06.05.2010 14:42    C:\Windows\system32\urlmon.dll --------- 1225216 
 06.05.2010 14:41    C:\Windows\system32\mstime.dll --------- 606208 
 06.05.2010 14:41    C:\Windows\system32\mshtml.dll --------- 5970944 
 06.05.2010 14:41    C:\Windows\system32\msfeedsbs.dll --------- 64512 
 06.05.2010 14:41    C:\Windows\system32\ieframe.dll --------- 10984448 
 06.05.2010 14:41    C:\Windows\system32\iedkcs32.dll --------- 381440 
 01.05.2010 16:49    C:\Windows\system32\win32k.sys --------- 2326528 
 23.04.2010 09:13    C:\Windows\system32\tzres.dll --------- 2048 
 12.04.2010 21:53    C:\Windows\system32\Asus_Camera_ScreenSaver dir --------- 0 
 23.03.2010 13:26    C:\Windows\system32\vpnapi.dll --------- 201512 
 08.03.2010 23:33    C:\Windows\system32\vbscript.dll --------- 427520 
 05.03.2010 09:42    C:\Windows\system32\asycfilt.dll --------- 67584 
 04.03.2010 09:33    C:\Windows\system32\inetcomm.dll --------- 740864 
 27.02.2010 14:07    C:\Windows\system32\ntkrnlpa.exe --------- 3954568 
 27.02.2010 14:07    C:\Windows\system32\ntoskrnl.exe --------- 3899280 
 18.02.2010 09:34    C:\Windows\system32\shell32.dll --------- 12867072 
 11.02.2010 09:10    C:\Windows\system32\browserchoice.exe --------- 293376 
 27.01.2010 19:37    C:\Windows\system32\o6xhtaz.tgz --------- 218 
 27.01.2010 19:37    C:\Windows\system32\o6xhtaz.dll --------- 204 
 27.01.2010 19:37    C:\Windows\system32\prsgrc.dll --------- 100 
 27.01.2010 19:37    C:\Windows\system32\prsgrc.tgz --------- 114 
 27.01.2010 19:37    C:\Windows\system32\ssprs.tgz --------- 86 
 27.01.2010 19:37    C:\Windows\system32\ssprs.dll --------- 72 
 27.01.2010 19:37    C:\Windows\system32\clauth1.dll --------- 1025 
 27.01.2010 19:37    C:\Windows\system32\v4tu0r9.tgz --------- 1025 
 27.01.2010 19:37    C:\Windows\system32\v4tu0r9.dll --------- 1025 
 27.01.2010 19:37    C:\Windows\system32\clauth2.dll --------- 1025 
 26.01.2010 16:28    C:\Windows\system32\grcauth1.dll --------- 1025 
 26.01.2010 16:28    C:\Windows\system32\grcauth2.dll --------- 1025 
 23.01.2010 18:30    C:\Windows\system32\Tasks --------- 4096 
 20.01.2010 11:18    C:\Windows\system32\quicktime --------- 0 
 17.01.2010 14:26    C:\Windows\system32\xlive --------- 0 
 09.01.2010 08:52    C:\Windows\system32\cabview.dll --------- 132608 
 29.12.2009 08:55    C:\Windows\system32\wintrust.dll --------- 172032 
 19.12.2009 11:02    C:\Windows\system32\tsbyuv.dll --------- 12288 
 19.12.2009 11:02    C:\Windows\system32\quartz.dll --------- 1328640 
 19.12.2009 11:02    C:\Windows\system32\msyuv.dll --------- 22016 
 19.12.2009 11:02    C:\Windows\system32\msvidc32.dll --------- 31744 
 19.12.2009 11:02    C:\Windows\system32\msrle32.dll --------- 13312 
 19.12.2009 11:02    C:\Windows\system32\mciavi32.dll --------- 84480 
 19.12.2009 11:02    C:\Windows\system32\iyuv_32.dll --------- 50176 
 19.12.2009 11:02    C:\Windows\system32\avifil32.dll --------- 91648 
 11.12.2009 09:38    C:\Windows\system32\lsasrv.dll --------- 1037312 
 08.12.2009 13:33    C:\Windows\system32\kernel32.dll --------- 857088 
 08.12.2009 13:32    C:\Windows\system32\apphelp.dll --------- 292864 
 02.12.2009 10:17    C:\Windows\system32\jscript.dll --------- 716800 
 25.11.2009 12:47    C:\Windows\system32\netfxperf.dll --------- 49472 
 25.11.2009 12:47    C:\Windows\system32\mscoree.dll --------- 297808 
 25.11.2009 12:47    C:\Windows\system32\dfshim.dll --------- 1130824 
 25.11.2009 12:47    C:\Windows\system32\PresentationHost.exe --------- 295264 
 25.11.2009 12:47    C:\Windows\system32\PresentationHostProxy.dll --------- 99176 
 03.11.2009 05:11    C:\Windows\system32\setupsup.dll --------- 245760 
 03.11.2009 04:47    C:\Windows\system32\sbe6_000.hlp --------- 609234 
 03.11.2009 04:47    C:\Windows\system32\SBE6_000.CNT --------- 10915 
 03.11.2009 04:46    C:\Windows\system32\INETWH32.dll --------- 49152 
 03.11.2009 04:43    C:\Windows\system32\SBE6_32.DLL --------- 1167410 
 03.11.2009 04:43    C:\Windows\system32\SB6ENT.OCX --------- 491520 
 02.11.2009 20:43    C:\Windows\system32\Boot --------- 0 
 02.11.2009 20:08    C:\Windows\system32\appmgmt --------- 0 
 02.11.2009 01:34    C:\Windows\system32\GroupPolicy --------- 0 
 02.11.2009 00:59    C:\Windows\system32\LogFiles --------- 4096 
 01.11.2009 20:54    C:\Windows\system32\Asus_Camera_ScreenSaver.scr --------- 520192 
 01.11.2009 20:50    C:\Windows\system32\Microsoft --------- 0 
 01.11.2009 18:53    C:\Windows\system32\RTCOM --------- 0 
 01.11.2009 18:24    C:\Windows\system32\AGEIA --------- 0 
 01.11.2009 18:20    C:\Windows\system32\CodeIntegrity --------- 0 
 01.11.2009 18:15    C:\Windows\system32\Macromed --------- 0 
 01.11.2009 12:31    C:\Windows\system32\wbem --------- 65536 
----------------------------------------

 
C:\Windows\Prefetch

 22.07.2010 07:21    C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 6882 
 22.07.2010 07:21    C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf --------- 17004 
 22.07.2010 07:20    C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 23290 
 22.07.2010 07:19    C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 31070 
 22.07.2010 07:19    C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 13654 
 22.07.2010 07:19    C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 24268 
 22.07.2010 07:19    C:\Windows\Prefetch\HIJACKTHIS.EXE-AA5671FE.pf --------- 34804 
 22.07.2010 07:19    C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 22114 
 22.07.2010 07:17    C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf --------- 105438 
 22.07.2010 07:17    C:\Windows\Prefetch\JAVAW.EXE-91B81925.pf --------- 126034 
 22.07.2010 07:17    C:\Windows\Prefetch\JUCHECK.EXE-C527D46E.pf --------- 39368 
 22.07.2010 07:17    C:\Windows\Prefetch\JAVA.EXE-E27B75C2.pf --------- 95038 
 22.07.2010 07:17    C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf --------- 8720 
 22.07.2010 07:17    C:\Windows\Prefetch\JAVACPL.EXE-D623213D.pf --------- 11918 
 22.07.2010 07:12    C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf --------- 253164 
 22.07.2010 07:12    C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf --------- 32648 
 22.07.2010 07:11    C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-855748498-1251889708-178539298-1001.db --------- 849164 
 22.07.2010 07:11    C:\Windows\Prefetch\AgGlUAD_S-1-5-21-855748498-1251889708-178539298-1001.db --------- 1281300 
 22.07.2010 07:10    C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf --------- 48544 
 22.07.2010 07:09    C:\Windows\Prefetch\AgCx_SC2.db --------- 809599 
 22.07.2010 06:37    C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 48428 
 22.07.2010 04:11    C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf --------- 175964 
 22.07.2010 04:11    C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf --------- 14246 
 22.07.2010 04:11    C:\Windows\Prefetch\Layout.ini --------- 463410 
 22.07.2010 03:39    C:\Windows\Prefetch\MPCMDRUN.EXE-8791CC49.pf --------- 31922 
 22.07.2010 03:38    C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 246282 
 21.07.2010 23:46    C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1718821 
 21.07.2010 23:46    C:\Windows\Prefetch\AgGlFaultHistory.db --------- 410965 
 21.07.2010 23:46    C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3145577 
 21.07.2010 23:46    C:\Windows\Prefetch\AgRobust.db --------- 310968 
 21.07.2010 21:25    C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf --------- 13334 
 21.07.2010 21:25    C:\Windows\Prefetch\SCANNINGPROCESS.EXE-6727858E.pf --------- 544202 
 21.07.2010 21:25    C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf --------- 20034 
 21.07.2010 21:22    C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf --------- 66012 
 21.07.2010 21:19    C:\Windows\Prefetch\JP2LAUNCHER.EXE-7C1F11C1.pf --------- 15876 
 21.07.2010 21:18    C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf --------- 22992 
 21.07.2010 21:18    C:\Windows\Prefetch\UPDATER.EXE-9A3F8B68.pf --------- 176120 
 21.07.2010 21:18    C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 172254 
 21.07.2010 21:09    C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf --------- 74654 
 21.07.2010 20:51    C:\Windows\Prefetch\7ZFM.EXE-69B8961D.pf --------- 49366 
 21.07.2010 20:40    C:\Windows\Prefetch\RUNDLL32.EXE-0B061760.pf --------- 36070 
 21.07.2010 18:55    C:\Windows\Prefetch\ACRORD32.EXE-172CF576.pf --------- 107684 
 21.07.2010 18:48    C:\Windows\Prefetch\PHOTOSHOP.EXE-CF2C06FC.pf --------- 157800 
 21.07.2010 18:47    C:\Windows\Prefetch\FNPLICENSINGSERVICE.EXE-FAD19408.pf --------- 13320 
 21.07.2010 18:44    C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf --------- 623066 
 21.07.2010 18:15    C:\Windows\Prefetch\CALC.EXE-77FDF17F.pf --------- 25128 
 21.07.2010 18:00    C:\Windows\Prefetch\EXCEL.EXE-C6BEF51C.pf --------- 182302 
 21.07.2010 17:17    C:\Windows\Prefetch\ADOBEARM.EXE-719325FF.pf --------- 24598 
 21.07.2010 17:15    C:\Windows\Prefetch\ENDNOTE.EXE-C5C1BC87.pf --------- 125262 
 21.07.2010 15:19    C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 14898 
 21.07.2010 15:19    C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 50090 
 21.07.2010 15:19    C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf --------- 970 
 21.07.2010 15:12    C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf --------- 161512 
 21.07.2010 14:02    C:\Windows\Prefetch\OUTLOOK.EXE-183FA0F0.pf --------- 372748 
 21.07.2010 13:54    C:\Windows\Prefetch\MFSTART.EXE-1B69E09B.pf --------- 62498 
 21.07.2010 12:20    C:\Windows\Prefetch\POWERPNT.EXE-1404AEAA.pf --------- 122044 
 21.07.2010 12:05    C:\Windows\Prefetch\NOTEPAD++.EXE-72A5A810.pf --------- 51398 
 21.07.2010 08:35    C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf --------- 341290 
 21.07.2010 08:35    C:\Windows\Prefetch\AM_DELTA_PATCH2.EXE-2B70D420.pf --------- 10576 
 21.07.2010 08:35    C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 29462 
 21.07.2010 08:29    C:\Windows\Prefetch\JAVAWS.EXE-5FA6EB7C.pf --------- 15590 
 21.07.2010 08:29    C:\Windows\Prefetch\JAUCHECK.EXE-7E60136B.pf --------- 32568 
 21.07.2010 08:27    C:\Windows\Prefetch\OFFICELIVESIGNIN.EXE-B83AEDE8.pf --------- 14618 
 21.07.2010 08:27    C:\Windows\Prefetch\WINWORD.EXE-C91725A1.pf --------- 295472 
 21.07.2010 08:26    C:\Windows\Prefetch\PDRAW32.EXE-3C8EE29E.pf --------- 29750 
 21.07.2010 08:25    C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf --------- 26174 
 21.07.2010 08:24    C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 17234 
 20.07.2010 20:15    C:\Windows\Prefetch\SETUP_WM.EXE-674F654A.pf --------- 33346 
 20.07.2010 19:50    C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf --------- 28542 
 20.07.2010 19:49    C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf --------- 126606 
 20.07.2010 18:54    C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf --------- 12718 
 20.07.2010 18:51    C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 16590 
 20.07.2010 17:47    C:\Windows\Prefetch\BVPLASMID.EXE-6356ED13.pf --------- 26002 
 20.07.2010 17:13    C:\Windows\Prefetch\DLLHOST.EXE-F2DCEF0D.pf --------- 16206 
 20.07.2010 17:12    C:\Windows\Prefetch\RUNDLL32.EXE-8AAB7BC0.pf --------- 24948 
 20.07.2010 16:54    C:\Windows\Prefetch\RUNDLL32.EXE-1D823B6A.pf --------- 36660 
 20.07.2010 16:30    C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf --------- 16354 
 20.07.2010 16:29    C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf --------- 20570 
 20.07.2010 16:29    C:\Windows\Prefetch\ReadyBoot --------- 0 
 20.07.2010 16:28    C:\Windows\Prefetch\SVCHOST.EXE-C871F054.pf --------- 33978 
 20.07.2010 16:28    C:\Windows\Prefetch\MFWD.EXE-AB26895C.pf --------- 25532 
 20.07.2010 16:28    C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf --------- 74806 
 20.07.2010 16:27    C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508 
 20.07.2010 16:26    C:\Windows\Prefetch\CACLS.EXE-D332D70E.pf --------- 7942 
 20.07.2010 15:11    C:\Windows\Prefetch\SUPERANTISPYWARE.EXE-D7978FB2.pf --------- 54156 
 20.07.2010 15:10    C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf --------- 33638 
 20.07.2010 15:10    C:\Windows\Prefetch\SUPERANTISPYWARE.EXE-E5A60F1A.pf --------- 48018 
 20.07.2010 15:03    C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf --------- 44962 
 20.07.2010 15:01    C:\Windows\Prefetch\MSCONFIG.EXE-3A52734E.pf --------- 64202 
 20.07.2010 14:39    C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf --------- 12076 
 20.07.2010 14:33    C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-17410B90.pf --------- 39012 
 20.07.2010 14:14    C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-74B3ADF6.pf --------- 41780 
 20.07.2010 14:13    C:\Windows\Prefetch\BTWUIEXT.EXE-196ACE43.pf --------- 134758 
 20.07.2010 14:12    C:\Windows\Prefetch\SVCHOST.EXE-9EFC97F2.pf --------- 17608 
 20.07.2010 14:12    C:\Windows\Prefetch\BTSTACKSERVER.EXE-917D6126.pf --------- 72770 
 20.07.2010 14:04    C:\Windows\Prefetch\MIRANDA32.EXE-F8E6B2F3.pf --------- 160910 
 20.07.2010 12:41    C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf --------- 100026 
 20.07.2010 12:39    C:\Windows\Prefetch\RUNDLL32.EXE-D9F4CD3C.pf --------- 36416 
 20.07.2010 06:02    C:\Windows\Prefetch\RUNDLL32.EXE-FF5F89E1.pf --------- 39682 
 20.07.2010 06:01    C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf --------- 26578 
 19.07.2010 21:24    C:\Windows\Prefetch\AM_DELTA_PATCH1.EXE-181B199B.pf --------- 8180 
 19.07.2010 21:23    C:\Windows\Prefetch\AgCx_SC4.db --------- 312444 
 19.07.2010 21:22    C:\Windows\Prefetch\UNSECAPP.EXE-A02905A6.pf --------- 16596 
 19.07.2010 21:22    C:\Windows\Prefetch\RTHDVCPL.EXE-48B6B8CC.pf --------- 27946 
 19.07.2010 21:22    C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --------- 157962 
 19.07.2010 21:22    C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf --------- 26502 
 19.07.2010 21:22    C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf --------- 12698 
 19.07.2010 21:22    C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 17584 
 19.07.2010 21:22    C:\Windows\Prefetch\VPNGUI.EXE-63AD261B.pf --------- 20954 
 19.07.2010 21:21    C:\Windows\Prefetch\RUNDLL32.EXE-0FB84B4B.pf --------- 26824 
 19.07.2010 21:21    C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf --------- 15986 
 19.07.2010 21:21    C:\Windows\Prefetch\MPNOTIFY.EXE-83D4091E.pf --------- 10196 
 19.07.2010 18:51    C:\Windows\Prefetch\E_FARNCAE.EXE-A5F6A5D9.pf --------- 28324 
 19.07.2010 18:50    C:\Windows\Prefetch\RUNDLL32.EXE-F1BA4C21.pf --------- 24396 
 19.07.2010 15:05    C:\Windows\Prefetch\RUNDLL32.EXE-8BCC45BE.pf --------- 36576 
 19.07.2010 14:52    C:\Windows\Prefetch\PING.EXE-7E94E73E.pf --------- 13010 
 19.07.2010 14:51    C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf --------- 13464 
 19.07.2010 14:51    C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf --------- 119472 
 19.07.2010 14:51    C:\Windows\Prefetch\CSC.EXE-A3B8D95D.pf --------- 38768 
 19.07.2010 14:51    C:\Windows\Prefetch\CVTRES.EXE-069169FB.pf --------- 11774 
 19.07.2010 07:34    C:\Windows\Prefetch\RUNDLL32.EXE-8F368D7D.pf --------- 39688 
 19.07.2010 07:34    C:\Windows\Prefetch\BTTRAY.EXE-6D2138AD.pf --------- 14288 
 19.07.2010 07:23    C:\Windows\Prefetch\RUNDLL32.EXE-66DA9FBC.pf --------- 36778 
 19.07.2010 07:07    C:\Windows\Prefetch\SBIECTRL.EXE-768F2117.pf --------- 26370 
 18.07.2010 18:32    C:\Windows\Prefetch\E_FAMTCAE.EXE-78C527EE.pf --------- 23242 
 18.07.2010 13:55    C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf --------- 33858 
 18.07.2010 13:36    C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf --------- 20796 
 18.07.2010 08:52    C:\Windows\Prefetch\RUNDLL32.EXE-39C0CE9B.pf --------- 36706 
 18.07.2010 08:48    C:\Windows\Prefetch\RASERVER.EXE-3159827A.pf --------- 2686 
 17.07.2010 17:04    C:\Windows\Prefetch\CLVIEW.EXE-6DC7D7B9.pf --------- 120874 
 16.07.2010 23:30    C:\Windows\Prefetch\AgCx_S1_S-1-5-21-855748498-1251889708-178539298-1001.snp.db --------- 3377760 
 15.07.2010 21:20    C:\Windows\Prefetch\AVWSC.EXE-4630B658.pf --------- 38250 
 19.06.2010 20:45    C:\Windows\Prefetch\AgCx_SC1.db --------- 537031 
 19.06.2010 20:44    C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 94468 
 01.11.2009 12:21    C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1614164 
 01.11.2009 12:21    C:\Windows\Prefetch\AgAppLaunch.db --------- 332116 
----------------------------------------

 
C:\Windows\Tasks

 20.07.2010 16:28    C:\Windows\Tasks\SA.DAT --------- 6 
 01.06.2010 18:27    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 
----------------------------------------

 
C:\Windows\Temp

 22.07.2010 07:12    C:\Windows\Temp\dneinst.log --------- 417443 
 22.07.2010 03:39    C:\Windows\Temp\MpCmdRun.log --------- 14570 
 21.07.2010 08:35    C:\Windows\Temp\MpSigStub.log --------- 5860 
 21.07.2010 08:35    C:\Windows\Temp\5F40CD50-B8F8-4802-A6AB-DF308EA76A51-Sigs --------- 0 
 21.07.2010 08:24    C:\Windows\Temp\MPInstrumentation --------- 0 
 20.07.2010 21:33    C:\Windows\Temp\fwtsqmfile01.sqm --------- 608 
 20.07.2010 16:27    C:\Windows\Temp\fwtsqmfile00.sqm --------- 608 
 20.07.2010 11:59    C:\Windows\Temp\fwtsqmfile08.sqm --------- 608 
 19.07.2010 21:50    C:\Windows\Temp\fwtsqmfile07.sqm --------- 608 
 19.07.2010 18:53    C:\Windows\Temp\fwtsqmfile06.sqm --------- 608 
----------------------------------------

 
C:\Users\KRAKET~1\AppData\Local\Temp

 22.07.2010 07:19    C:\Users\KRAKET~1\AppData\Local\Temp\~DF0B9FA39C3F89318C.TMP --------- 114688 
 22.07.2010 07:17    C:\Users\KRAKET~1\AppData\Local\Temp\java_install_reg.log --------- 8398 
 22.07.2010 07:17    C:\Users\KRAKET~1\AppData\Local\Temp\jusched.log --------- 5758 
 22.07.2010 07:17    C:\Users\KRAKET~1\AppData\Local\Temp\hsperfdata_Kraketsch --------- 0 
 21.07.2010 21:23    C:\Users\KRAKET~1\AppData\Local\Temp\KAV Updater update files --------- 0 
 21.07.2010 21:15    C:\Users\KRAKET~1\AppData\Local\Temp\amt.log --------- 7587 
 21.07.2010 21:15    C:\Users\KRAKET~1\AppData\Local\Temp\alm.log --------- 13918 
 21.07.2010 21:15    C:\Users\KRAKET~1\AppData\Local\Temp\csxs-PHXS.log --------- 3582 
 21.07.2010 21:15    C:\Users\KRAKET~1\AppData\Local\Temp\ppcrlui_8028_2.ui --------- 0 
 21.07.2010 18:46    C:\Users\KRAKET~1\AppData\Local\Temp\swtag.log --------- 2076 
 21.07.2010 18:46    C:\Users\KRAKET~1\AppData\Local\Temp\TWAIN.LOG --------- 893 
 21.07.2010 18:46    C:\Users\KRAKET~1\AppData\Local\Temp\Twain001.Mtx --------- 2 
 21.07.2010 18:46    C:\Users\KRAKET~1\AppData\Local\Temp\Twunk001.MTX --------- 156 
 21.07.2010 18:46    C:\Users\KRAKET~1\AppData\Local\Temp\Twunk002.MTX --------- 0 
 21.07.2010 18:01    C:\Users\KRAKET~1\AppData\Local\Temp\msohtmlclip1 --------- 0 
 21.07.2010 18:01    C:\Users\KRAKET~1\AppData\Local\Temp\msohtmlclip --------- 0 
 21.07.2010 18:00    C:\Users\KRAKET~1\AppData\Local\Temp\VBE --------- 0 
 21.07.2010 17:23    C:\Users\KRAKET~1\AppData\Local\Temp\Adobe --------- 0 
 21.07.2010 17:17    C:\Users\KRAKET~1\AppData\Local\Temp\AdobeARM.log --------- 6440 
 21.07.2010 16:16    C:\Users\KRAKET~1\AppData\Local\Temp\EN_DbLinks --------- 0 
 21.07.2010 14:02    C:\Users\KRAKET~1\AppData\Local\Temp\77691446.od --------- 134 
 21.07.2010 14:02    C:\Users\KRAKET~1\AppData\Local\Temp\CVR7A36.tmp.cvr --------- 0 
 21.07.2010 12:20    C:\Users\KRAKET~1\AppData\Local\Temp\71548969.od --------- 134 
 21.07.2010 12:20    C:\Users\KRAKET~1\AppData\Local\Temp\CVRC029.tmp.cvr --------- 0 
 21.07.2010 08:29    C:\Users\KRAKET~1\AppData\Local\Temp\AUCHECK_CORE.txt --------- 302 
 21.07.2010 08:29    C:\Users\KRAKET~1\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 74 
 20.07.2010 20:15    C:\Users\KRAKET~1\AppData\Local\Temp\wmsetup.log --------- 406 
 20.07.2010 19:45    C:\Users\KRAKET~1\AppData\Local\Temp\11859086.od --------- 134 
 20.07.2010 19:45    C:\Users\KRAKET~1\AppData\Local\Temp\CVRF48E.tmp.cvr --------- 0 
 20.07.2010 19:45    C:\Users\KRAKET~1\AppData\Local\Temp\ppcrlui_2296_2.ui --------- 0 
 20.07.2010 19:45    C:\Users\KRAKET~1\AppData\Local\Temp\7zO70B0.tmp --------- 0 
 20.07.2010 19:45    C:\Users\KRAKET~1\AppData\Local\Temp\7zO9196.tmp --------- 0 
 20.07.2010 18:51    C:\Users\KRAKET~1\AppData\Local\Temp\BTN%Copy%1 --------- 0 
 20.07.2010 16:57    C:\Users\KRAKET~1\AppData\Local\Temp\jkos-Kraketsch --------- 4096 
 20.07.2010 16:28    C:\Users\KRAKET~1\AppData\Local\Temp\WPDNSE --------- 0 
 20.07.2010 15:10    C:\Users\KRAKET~1\AppData\Local\Temp\SUPERSetup --------- 0 
 20.07.2010 15:08    C:\Users\KRAKET~1\AppData\Local\Temp\nsvC949.tmp --------- 0 
 16.07.2010 09:04    C:\Users\KRAKET~1\AppData\Local\Temp\Low --------- 0 
 15.07.2010 22:18    C:\Users\KRAKET~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
 17.01.2010 20:24    C:\Users\KRAKET~1\AppData\Local\Temp\ppcrlui_8028_2 --------- 253320 
 17.01.2010 20:24    C:\Users\KRAKET~1\AppData\Local\Temp\ppcrlui_2296_2 --------- 253320 
----------------------------------------

 
C:\Program Files

 21.07.2010 21:18    C:\Program Files\Mozilla Firefox --------- 28672 
 20.07.2010 15:10    C:\Program Files\SUPERAntiSpyware --------- 4096 
 16.07.2010 23:31    C:\Program Files\Common Files --------- 4096 
 16.07.2010 23:31    C:\Program Files\Sony Ericsson --------- 0 
 16.07.2010 23:28    C:\Program Files\Java --------- 0 
 16.07.2010 23:07    C:\Program Files\InstallShield Installation Information --------- 4096 
 16.07.2010 08:17    C:\Program Files\CCleaner --------- 0 
 16.07.2010 06:15    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 15.07.2010 21:23    C:\Program Files\Microsoft Security Essentials --------- 4096 
 10.07.2010 10:47    C:\Program Files\JDownloader --------- 8192 
 24.06.2010 18:17    C:\Program Files\Notepad++ --------- 4096 
 23.06.2010 17:26    C:\Program Files\directx --------- 0 
 13.06.2010 14:14    C:\Program Files\Internet Explorer --------- 4096 
 04.06.2010 18:14    C:\Program Files\Microsoft Silverlight --------- 4096 
 30.05.2010 13:16    C:\Program Files\7-Zip --------- 4096 
 12.05.2010 19:57    C:\Program Files\Windows Mail --------- 0 
 03.04.2010 13:12    C:\Program Files\Microsoft Games --------- 4096 
 31.03.2010 22:35    C:\Program Files\MirandaFusion --------- 4096 
 19.03.2010 19:18    C:\Program Files\Adobe --------- 0 
 04.03.2010 13:56    C:\Program Files\Audacity 1.3 Beta (Unicode) --------- 4096 
 25.02.2010 23:35    C:\Program Files\MSXML 4.0 --------- 0 
 05.02.2010 15:43    C:\Program Files\epson --------- 0 
 23.01.2010 18:30    C:\Program Files\Sandboxie --------- 4096 
 23.01.2010 00:00    C:\Program Files\TeamSpeak 3 Client --------- 4096 
 20.01.2010 11:18    C:\Program Files\NimoCodec Pack --------- 4096 
 20.01.2010 11:18    C:\Program Files\DivX --------- 8192 
 17.01.2010 14:21    C:\Program Files\Elaborate Bytes --------- 0 
 17.01.2010 12:43    C:\Program Files\ASUS --------- 4096 
 05.01.2010 16:38    C:\Program Files\Microsoft Works --------- 0 
 13.12.2009 13:01    C:\Program Files\MSECache --------- 0 
 08.12.2009 15:06    C:\Program Files\AviSynth 2.5 --------- 0 
 05.12.2009 21:20    C:\Program Files\AVS4YOU --------- 4096 
 25.11.2009 11:57    C:\Program Files\ImgBurn --------- 0 
 23.11.2009 13:57    C:\Program Files\EndNote X3 --------- 8192 
 18.11.2009 23:42    C:\Program Files\Cisco Systems --------- 0 
 15.11.2009 16:26    C:\Program Files\VideoLAN --------- 0 
 04.11.2009 12:08    C:\Program Files\Acronis --------- 0 
 02.11.2009 20:43    C:\Program Files\Windows Media Player --------- 4096 
 02.11.2009 20:33    C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 
 02.11.2009 20:28    C:\Program Files\Microsoft --------- 0 
 02.11.2009 19:54    C:\Program Files\MSBuild --------- 0 
 02.11.2009 19:54    C:\Program Files\Microsoft Office --------- 4096 
 02.11.2009 19:53    C:\Program Files\Microsoft Visual Studio --------- 0 
 02.11.2009 19:53    C:\Program Files\Microsoft.NET --------- 0 
 02.11.2009 19:52    C:\Program Files\Microsoft Visual Studio 8 --------- 4096 
 01.11.2009 20:50    C:\Program Files\WIDCOMM --------- 0 
 01.11.2009 20:47    C:\Program Files\Wireless Console 2 --------- 4096 
 01.11.2009 20:16    C:\Program Files\ATKGFNEX --------- 4096 
 01.11.2009 20:11    C:\Program Files\Intel --------- 0 
 01.11.2009 20:06    C:\Program Files\P4G --------- 4096 
 01.11.2009 19:55    C:\Program Files\Synaptics --------- 0 
 01.11.2009 19:54    C:\Program Files\Fingerprint Sensor --------- 0 
 01.11.2009 19:20    C:\Program Files\Cisco --------- 0 
 01.11.2009 19:02    C:\Program Files\Temp --------- 0 
 01.11.2009 18:53    C:\Program Files\Realtek --------- 0 
 01.11.2009 18:24    C:\Program Files\AGEIA Technologies --------- 8192 
 01.11.2009 12:30    C:\Program Files\Gemeinsame Dateien --------- 0 
 01.11.2009 12:30    C:\Program Files\Windows NT --------- 4096 
 14.07.2009 10:57    C:\Program Files\DVD Maker --------- 4096 
 14.07.2009 10:57    C:\Program Files\Windows Journal --------- 0 
 14.07.2009 10:47    C:\Program Files\Windows Sidebar --------- 4096 
 14.07.2009 10:47    C:\Program Files\Windows Photo Viewer --------- 4096 
 14.07.2009 10:47    C:\Program Files\Windows Defender --------- 4096 
 14.07.2009 06:53    C:\Program Files\Uninstall Information --------- 0 
 14.07.2009 06:52    C:\Program Files\Windows Portable Devices --------- 0 
 14.07.2009 06:52    C:\Program Files\Reference Assemblies --------- 0 
 14.07.2009 06:41    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

Default   
Public   
Kraketsch   
Default User   
All Users   
desktop.ini   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        2.828 K
smss.exe                      572 Services                  0          552 K
csrss.exe                      908 Services                  0        3.872 K
wininit.exe                    968 Services                  0        3.408 K
csrss.exe                      980 Console                    1        5.676 K
services.exe                  1016 Services                  0        7.388 K
lsass.exe                    1040 Services                  0        10.592 K
lsm.exe                      1048 Services                  0        3.248 K
svchost.exe                  1156 Services                  0        8.996 K
nvvsvc.exe                    1228 Services                  0        6.092 K
svchost.exe                  1268 Services                  0        9.672 K
MsMpEng.exe                  1328 Services                  0        55.364 K
svchost.exe                  1380 Services                  0        20.128 K
svchost.exe                  1432 Services                  0        87.612 K
svchost.exe                  1460 Services                  0        41.640 K
svchost.exe                  1620 Services                  0        14.472 K
svchost.exe                  1728 Services                  0        18.284 K
winlogon.exe                  1816 Console                    1        6.008 K
AsLdrSrv.exe                  1852 Services                  0        3.496 K
GFNEXSrv.exe                  1872 Services                  0        2.992 K
wlanext.exe                  1888 Services                  0        13.368 K
conhost.exe                  1908 Services                  0        3.636 K
spoolsv.exe                  2020 Services                  0        12.812 K
svchost.exe                    612 Services                  0        16.412 K
nvvsvc.exe                    916 Console                    1        10.364 K
schedul2.exe                  1720 Services                  0        7.832 K
afcdpsrv.exe                  1036 Services                  0        8.816 K
agrsmsvc.exe                  2080 Services                  0        2.964 K
btwdins.exe                  2100 Services                  0        9.288 K
cvpnd.exe                    2148 Services                  0        9.260 K
EmmaDeviceMgmt.exe            2196 Services                  0        5.880 K
EmmaUpdateMgmt.exe            2244 Services                  0        2.572 K
E_S40RP7.EXE                  2264 Services                  0        3.108 K
EvtEng.exe                    2288 Services                  0        16.208 K
svchost.exe                  2316 Services                  0        16.768 K
lkcitdl.exe                  2360 Services                  0        7.804 K
lkads.exe                    2384 Services                  0        7.280 K
lktsrv.exe                    2408 Services                  0        7.312 K
mdm.exe                      2448 Services                  0        5.376 K
nimxs.exe                    2544 Services                  0        8.252 K
nidmsrv.exe                  2628 Services                  0        7.360 K
nisvcloc.exe                  2656 Services                  0        3.288 K
tagsrv.exe                    2728 Services                  0        10.284 K
SupServ.exe                  2760 Services                  0        6.048 K
RegSrvc.exe                  2792 Services                  0        7.836 K
SbieSvc.exe                  2816 Services                  0        5.196 K
svchost.exe                  2940 Services                  0        7.656 K
WLIDSVC.EXE                  3000 Services                  0        13.540 K
IAANTmon.exe                  3032 Services                  0        9.096 K
unsecapp.exe                  3448 Services                  0        5.492 K
WmiPrvSE.exe                  3544 Services                  0        10.924 K
SearchIndexer.exe            3620 Services                  0        36.560 K
WLIDSVCM.EXE                  3668 Services                  0        5.068 K
taskeng.exe                  3532 Console                    1        5.992 K
dwm.exe                      4116 Console                    1        28.800 K
explorer.exe                  4140 Console                    1        96.796 K
HControl.exe                  4184 Console                    1        9.088 K
taskhost.exe                  4288 Console                    1        9.692 K
RtHDVCpl.exe                  4400 Console                    1        12.464 K
iFrmewrk.exe                  4456 Console                    1        18.352 K
HControlUser.exe              4476 Console                    1        5.420 K
DMedia.exe                    4572 Console                    1        3.740 K
ATKOSD2.exe                  4604 Console                    1        8.140 K
SynTPEnh.exe                  4620 Console                    1        13.868 K
IAAnotif.exe                  4648 Console                    1        9.652 K
GrooveMonitor.exe            4724 Console                    1        16.088 K
SynAsus.exe                  4736 Console                    1        4.768 K
SynTPHelper.exe              4752 Console                    1        3.532 K
TrueImageMonitor.exe          4776 Console                    1        16.096 K
schedhlp.exe                  4796 Console                    1        7.624 K
VCDDaemon.exe                4812 Console                    1        9.168 K
msseces.exe                  4916 Console                    1        15.580 K
jusched.exe                  4940 Console                    1        8.832 K
sidebar.exe                  4956 Console                    1        36.864 K
SUPERAntiSpyware.exe          5200 Console                    1          760 K
BTTray.exe                    5236 Console                    1        29.680 K
ATKOSD.exe                    5340 Console                    1        2.500 K
BatteryLife.exe              5392 Console                    1        8.028 K
ACMON.exe                    5412 Console                    1        5.840 K
wcourier.exe                  5424 Console                    1        4.148 K
unsecapp.exe                  5556 Console                    1        4.088 K
ACEngSvr.exe                  5584 Console                    1        4.424 K
KBFiltr.exe                  5676 Console                    1        1.484 K
WDC.exe                      5688 Console                    1        3.368 K
wmpnetwk.exe                  6012 Services                  0        9.288 K
svchost.exe                  4592 Services                  0        12.008 K
dllhost.exe                  1992 Services                  0        5.864 K
taskhost.exe                  7076 Console                    1        2.192 K
firefox.exe                  9924 Console                    1      109.932 K
jp2launcher.exe              4352 Console                    1        1.824 K
java.exe                    10160 Console                    1        78.988 K
conhost.exe                  9192 Console                    1        1.556 K
plugin-container.exe          5356 Console                    1        6.012 K
WUDFHost.exe                  9264 Services                  0        3.496 K
ScanningProcess.exe          1148 Console                    1          892 K
ScanningProcess.exe          8936 Console                    1        2.472 K
audiodg.exe                  4880 Services                  0        15.472 K
HijackThis.exe                7300 Console                    1        31.436 K
cmd.exe                      3896 Console                    1        3.088 K
conhost.exe                  7900 Console                    1        5.248 K
SearchProtocolHost.exe        7284 Services                  0        6.296 K
SearchFilterHost.exe          6692 Services                  0        4.376 K
dllhost.exe                  7420 Console                    1        4.068 K
tasklist.exe                  7872 Console                    1        4.148 K
WmiPrvSE.exe                  6652 Services                  0        4.816 K

 
***** Ende des Scans 22.07.2010 um  7:21:37,78 ***

kira 23.07.2010 06:39
hi

1.
starte HijackThis--> wähle Open the Misc Tools section --> dann Delete a file on reboot... --> wähle die zu löschende Datei (sehe der Inhalt dieser Code-Box), die Frage zum Neustart mit NEIN beantworten, wieder Delete a file on reboot wählen, nächste Datei auswählen usw., bis Du die letzte Datei ausgewählt hast, nun antwortest du auf die Frage zum Neustart mit JA
>> Text kopieren und einfügen (oder "Durchsuchen")::
Code:
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\exami.exe       
C:\Windows\system32\o6xhtaz.tgz
C:\Windows\system32\o6xhtaz.dll
C:\Windows\system32\prsgrc.dll
C:\Windows\system32\prsgrc.tgz
C:\Windows\system32\ssprs.tgz
C:\Windows\system32\ssprs.dll
C:\Windows\system32\clauth1.dll
C:\Windows\system32\v4tu0r9.tgz
C:\Windows\system32\v4tu0r9.dll
C:\Windows\system32\clauth2.dll
C:\Windows\system32\grcauth1.dll
C:\Windows\system32\grcauth2.dll
2.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählenHäckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
Code:
O4 - .DEFAULT User Startup: exami.exe (User 'Default user')
3.
Starte dein Mailprogramm, lösche den Inhalt aus der Inbox und leere dann den Papierkorb deines Mail-Programms:
1. Mail aus Inbox löschen
2. Mülleimer leeren
3. Inbox komprimieren - (im Menü Datei, Alle Ordner des Kontos komprimieren)

Thunderbird - Ordner komprimieren

4.
Führe dann einen Komplett-Systemcheck mit Nod32 - die Scanergebnis als *.txt Dateien speichern)
- (ESET Online Scanner
Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben

5.
poste erneut - nach der vorgenommenen Reinigungsaktion:
► TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

** wie verhält sich den dein System?

Kraketsch 24.07.2010 23:19
Hi, habe alle Dateien soweit gelöscht - denk ich.
Die exami.exe war nach dem löschen zumindest nicht mehr im Autostart, sodass ich sie nicht mehr Fixen musste.
Was Thunderbird angeht, nutze ich das Programm nichtmehr. Ich hab von daher einfach den ganzen Ordner "Local Folder" gelöscht.

Der Komplettscan von NOD32 hat keine Bedrohungen gefunden, allerdings konnte ich den Log nicht speichern, sont hätte ich ihn hier an dieser Stelle eingefügt. Ist der Notwendig? und wenn ja wie komme ich an diesen Log?

Hier der aktuelle HijackThis-Log

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:06:57, on 25.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\MirandaFusion\miranda32.exe
C:\Program Files\MirandaFusion\mfwd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kraketsch\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\mfstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - D:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - D:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 10594 bytes
--- --- ---


Was mein System angeht verhält es sich derzeit normal ohne das ich anzeichen von Schadsoftware merke. Ich bin allerdings sehr skeptisch geworden, nachdem anscheinend doch mehr Infektionen vorlagen als der Ursprüngliche Aluron.H oder rührten die alle von dem?

Nochmals vielen Dank, das du dir die Mühe gemacht und die Zeit genommen hast mein System zu fixen!

Gruss
Kraketsch

kira 26.07.2010 05:33
hi

1.
- den Quarantäne Ordner überall leeren - Antivirus bzw Anti-Spy-Programm usw

[color=rblue2.[/color]
Kannst du die Programme die wir verwendet haben und nicht brauchst entfernen, bis auf:
Code:
HijackThis/Trend Micro
hjtscanlist
CCleaner
Die sind nützliche Programme, die bei Probleme/Notfall sehr hilfreich sein können!

2.
Wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes:
Systemsteuerung/System und Sicherheit/System/Computerschutz/Systemeigenschaften poppt auf und dann einen Sicherungspunkt erstellen
Systemwiederherstellung deaktivieren: Windows 7 - einen manuellen Systemwiederherstellungspunkt erstellen
also zuerst deaktivieren-> dann aktivieren - am Ende soll wieder aktiviert sein!

3.
- eventuell kannst Du noch dein Sytem mit mindestens 3 Onlinescanner prüfen/reinigen:
- Vor dem Scan Einstellungen im Internet Explorer: Extras → Internetoptionen → Sicherheit → Stufe anpassen: alles auf Standardstufe stellen
- Active X erlauben
- Nicht gleichzeitig scannen! Nach jedem Scanvorgang starte dein System neu auf
- speichere und poste das Logfile des Scans - die Ergebnisse als*.txt Datei speichern

Kraketsch 28.07.2010 18:12
Habe alle Quarantäne-Objekte entfernt, die Programme lösch ich dann bei bedarf.

Wiederherstellungspunkt konnte auch erstellt werden.

Hier die Logs der Scanner:
bitdefender:
Code:
BitDefender Online Scanner - Echtzeit-Virenmeldung
       

 
       

 

Erstellt am: Wed, Jul 28, 2010 - 14:41:08

 
       

 
       

 

Prüf-Info
       

 
       

 

Geprüfte Dateien
       

252833

Infizierte Dateien
       

0
       

 
       

 

 
       

 
       

 

Erkannte Viren
       

 
       

 

Keine Viren gefunden
       

       

 
       

 

 
       

 
       

 

 
       

 
       

 

Diese Zusammenfassung des Prüfvorgangs wird vom BitDefender Virus Labor dazu verwendet detaillierte Berichte über die weltweite Aktivität von Viren zu erstellen.
Emsisoft:
Code:
Emsisoft Web Malware Scan v. 4.0

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\, E:\, F:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:        28.07.2010 15:00:51

C:\Users\Kraketsch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7670e223-7ab89b72/F.class        detected: JAVA.Agent!IK
C:\Users\Kraketsch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\7670e223-7ab89b72/Google.class        detected: Exploit.Java.Agent!IK
C:\Users\Kraketsch\Downloads\Party_Plugins.rar/PongPing.dll        detected: Backdoor.Win32.Vipdataend!IK
C:\Users\Kraketsch\Downloads\tdsskiller.zip/TDSSKiller.exe        detected: Trojan.Win32.SuspectCRC!IK
E:\Users\Kraketsch\Downloads\Setup_FreeFlvConverter64.exe        detected: Trojan-Downloader.Win32.Banload!IK
F:\Program Files\UltraStar Deluxe\plugins\PongPing.dll        detected: Backdoor.Win32.Vipdataend!IK

Scanned

Files:        680642
Traces:        9
Cookies:        24
Processes:        94

Found

Files:        6
Traces:        0
Cookies:        0
Processes:        0

Scan end:        28.07.2010 16:57:40
Scan time:        1:56:49
Wobei ich mir bei den funden nich sicher war ob das wirklich viren sind....

f-secure:
Code:
Scanbericht
Mittwoch, Juli 28, 2010 18:36:45 - 19:01:33

Name des Computers: KRAKETSCH-PC
Scantyp: Scansystem für Malware, Spyware und Rootkits
Ziel: C:\ D:\ E:\ F:\
3 Malware gefunden
TrackingCookie.Atdmt (Spyware)

    * System (Desinfiziert)

TrackingCookie.Doubleclick (Spyware)

    * System (Desinfiziert)

TrackingCookie.Webtrends (Spyware)

    * System (Desinfiziert)

Statistik
Gescannt:

    * Dateien: 54772
    * System: 4488
    * Nicht gescannt: 470

Aktionen:

    * Desinfiziert: 3
    * Umbenannt: 0
    * Gelöscht: 0
    * Nicht bereinigt: 0
    * Übermittelt: 0

Nicht gescannte Dateien:

    * C:\PAGEFILE.SYS
    * C:\HIBERFIL.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    * C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    * C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    * C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\A22CED6663AA93621D91DCC48647847250261B0E.HOMEGROUPCLASSIFIER\116B482AF54000D6F1CF1AA48F548630\GROUPING\DB.MDB
    * C:\WINDOWS\CSC\V2.0.6\TEMP\EA-{07DB3FFD-C6D0-11DE-BDC5-D00894C8CD58}
    * C:\WINDOWS\CSC\V2.0.6\PQ
    * C:\USERS\KRAKETSCH\APPDATA\LOCAL\TEMP\HSPERFDATA_KRAKETSCH\5820
    * C:\USERS\KRAKETSCH\APPDATA\LOCAL\TEMP\HSPERFDATA_KRAKETSCH\6516
    * C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
    * C:\SYSTEM VOLUME INFORMATION\{BB196597-9A24-11DF-941C-002215F26893}{3808876B-C176-4E48-B7AE-04046E6CC752}
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0075A453347F2942D7AF43336A2E01C0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00A44873FD2D8245CD1E9656F2238D19_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\015B384902BD553ADB21B8F1FD1069BC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\00B03A53514647B3B8779406281EA008_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02C9D46280E1DFD3148F229F73F9797D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04BB16325B3F66F12C6DB33D0E336328_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04335615C7B93865DBB075CC49ED9490_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\030163E39CA7C20EA8721B761D4BB45A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02DA6A4F7D1646504386001AABC7E3F0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\052AAFCBCA3C228F4D820293BF6BB64D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05A2441A7F6D6E06038D13DD38DB6298_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0588C1F1EE85F82826610FB9E068B442_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0647EA87EDC0854EC1F7EE033CDF11C7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\06923679AEAAD0935D31B887DB58C74E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08E4F31BB99ABDB14833C1FDA767632B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0865B41F2963CF91A452B0C863010AA3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\07FFBCB682FEEC568B60B612E8828B42_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08CA37CA0065AD916988F3703DC4BF66_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\09C7E8FFAEE67C702ED60B5C9CD2FF02_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0ACE20B6E8D2E8CC2B5680493AD38778_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\09E9FF2BE08A36906F77B50E6EECAAEF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0BA55DCD585FCD5EDB81ABDF222B43EC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C0AA1BDA9D24F131E92546AFB11767B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0AA02177ADCD89EDFA292C122AEC7FD2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B4A8585E605B2A87329E5BB97EA4B87_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CB1678C6B8AC534E83321083360E8CB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F3F6573A98EB0AACD8D686B7E609B71_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0F85BBCFA6F12144571A9C237BC6079F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\09F3EDFD21EC3252D60C49E3EB0292F4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0C3F9C4E2C8342EC4EAFA6E6B77FC54A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\118C091C82EB44C08AD12AA8A89D7916_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0D1E8607DD81EAD3B489E2CA0A2925F8_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\132246D19385DF84C1C97BE7D5278B31_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\12E42964A36A35F95EE7C9C05CD2C80B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\11CC2BAACEEBF9B2904C63D766347B1C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\13FB31BAD625665251019B2CAA7C5E67_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\138E000D2001E143E4A56DCC95AD8E3B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\158358C4DD96833D9ABB0137E6947ED2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0FAC71ABA5B58ECC8E73D876F8E83A46_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15BB8C33B458D86DE5FCAA0C5429A411_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14163D3125563EF031B5FEAC93546DA8_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\139F02BE261DFD2F989AAD5B1C4F4DBF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\168A07F0F750D83F2D86679373329B83_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\15B71F334F7C1C11BECD006F949CB1E6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1625CD042D0111D1E2DFBB89675199B9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\17C29E3FACD7B76D3117D3966B7A10F7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\162F6CB465D9F3B3F718D3852718DC72_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\19FC0EB293CBEC503AAE1F5F01E3E17B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\18CA7E4F9041B2A49921761053556F5D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1BB877F1EAF2E3AA08E9AC36764F31DD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1C3782F9CCA1C07E6E9C6266897A6FAD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1C7F46999715A2822429B05825909BF5_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\16DF9D65A55C0C2117A401A31F15B743_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F15BAB7C4505103F0A5BDC80C8E0916_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D571BDCE0148B080AC34A1E22EA3258_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\177DE069AD2EC67603D88008896A7A56_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F8F60180DDFD84F8D90645CE99A4A12_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F22FE58B58AA141DC0306240F94384F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1A8C4ACA047A19D7E70A5EA969AD53F9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\219A3BF8D9FF6C583A7EFB36CF014113_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\212BC3BC08EF4496C2051A142FF83EB2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\22257B64319034A59FD4846CA1F5C832_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1F6119B6F2FC303AA00F168245B440ED_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FD98F90F1758CF1474FCBF42414E3EC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2240ED3BBFBD3193C10E85DF397D3CE9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2293BAF4501768DC1F0F4C36C62BAB6C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\221EFC572B8BD1DE2BFAF192C0D6E0F4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\235D114B8E682AF9A98AAD41DA8B38BD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\238646BED1F9A6FAFC9DD2C5C8A85547_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2416C0D54B322CA060059FB93F921A27_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25A358371156BBFAE5B9AC499146FAD0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\24D0FE1FFC69FE997A163D25980C4B2A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\244FC4C0D038C1EEE3943242D06E9455_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26AC91284B199501E544DA6B55FCE442_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2675CC5382AB5F05099E195899FF2EF0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\27DF745592C573242932A08D0B58FBB4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\27B07FEA9489B433A4A8DABF98CAAC79_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\294CBE8D3860AEDA75F597AAAD4735BB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2529EBDFAED3008D36BC15E018A70F45_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26169C95E3E6BA21D77B833D65F9B676_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2AB6BAE15F44768AC1BE548A924F0491_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2840CBF10E1465F65B392730473F520D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\29EAA8DBCF601653AC0AE6C737D164D5_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A36255E88C0EA00AF1DC9DAA16DDDA3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C68AA4F6D4751D319886DA08104C0D9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2BDB9F682E72B515F44DE42F5A6619B4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CBB327579DCA20F61E16AA146ADCE7F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2ADA41AF6309094BBE79BD71DF4883E3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DBDF7F3D503C9AD1EB32DFE2275E9B7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DC69D215B0C6052B077D9096F8873F3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E82082A62281E943743F8FA040D4283_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C014C769C1D336C18C4F1DDA0921A85_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2C96B1FC6A43B9C9A9101CC9901AED4A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3068946D10361EAF558E7C5161ED4AE2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F9326194916A45D8A24DB673089BEA2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\30A0008EE8F5794744AD4EC21FE09D04_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31AFF29743311BFB86942D19D15F447E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31E2CDABADFD1CF8306BB2D3B8B06887_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2EFD3AE8C6BFD363D7A7346801647278_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32BDA38EE8111976D869781248CC603C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CEA95A263052B4708B295651680512C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\364676BDEF91C63E29434212016CC1B6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36AD3E9B149263B3FA6A5DE72D254532_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\37EE406CE5D893256612182EB546EC71_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\381E623F1C2DEBAEA21226BCB90A969A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\30996DF26CD1850621049494E6D3DCA4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39640AD8700B7C84013460F070E595F4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3351C754B2B3BC89978F410C7049ED33_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3848D6CD7D6EB3C1D9E18C9080701A48_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\31F2ACA39A6E0138F09655945BDF5B91_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\39F32E9D82ED3D55985700BD8B6412DA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3B4C3813BD853462C1A474E58E212FE2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3B7384D524A0043E29B0F471745ECB0C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EA826AA90F0EE60F152AE5EFD03FB44_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EAA8743410F1E9A5F19723931EDFC28_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3ADABD63CF969005F65D88C0449426B3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C39558F2358D12F0DF2148737D8338B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F1058AE8903497E7D632A195987884C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EE62616C53827E4F39DC41FDC6D2049_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3DEDC0EA4803252D7811D090F9CD72D8_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3FAD47013E97DEAD776979D8E3293950_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F0A22C486A79CD504D2FA548AB237FC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43432DD0212C2862347678E02FD933E3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\429FBB932278A5F5AE99EC7C4AF8BB79_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4392DA85A0DA52DF51FB00A389323282_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43579FCF4111C6A1057EB9EB288DCC3C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\401517E210084B8271C220D49373803B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43D0A8761EC86B0FD0DACD173F30D03B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3F6140E50203C00075724B0D1A3B5CD7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\452E7DE8B8BB92BEDA23D3F7CAB45198_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44D743AB71AF112E456E6DD8F6493CB2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44EEBE5807221D285F442B931E6BD700_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4600D08C2E3619B4FB5F9C02BF88454E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48780E401844914F521954EA3D5C7181_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\491EDE9793649D793E032FAA94FEF166_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44E53090E9E5CC8A588F0AE26753FC30_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\465C13F7062F7CCA87FF1D9A61D34E16_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AB9DC655E1C01F4D6606909FC2B3A1B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47FABEC7A2DA2EA0C29A087C9227FD20_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AD3FA0FD0155820CE7B72322F54648D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B8F9730299B9C209332C968791FB169_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BD273E6971701209C362B5AB395BF30_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4BDF76ACD33178C4BA3D99A5320D373E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AE3A35BAE406D08FD81B84F5A631237_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B014F7EF0EB89BB6A4B21D1D85DAA49_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AFF26C0B299E479B982F2D772C78E54_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4D490D936978C670D5CE4BA6D0D39922_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C78287F36B19E3331E91914D13E7341_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E48434905CD44CD01C2246A8EF5DA4A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4EBBF896DD0F32AAA77CFF3851A50059_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F12D996331A6690AE3A27B0E569C3AA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4CFD39D549288A796D354DA3444F793C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\50192A49882D4294795A149A5646E4A6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4E52C10350FB5DC0F9D62760BA537A01_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\501530E6B3794892258E4B731ADB0458_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\510F2AC92B24A16219A718051D74F0CB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\502622F79D6E1DD2C270A44D150F57E2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\507A787E518BD6D8A81D8EFAAE4C4BEA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\534A1BBAEF44C00E23CA056822902794_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51159E3AA5A4FD3B562A2B8B8C0D76CF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C6A862D6E1C2BA0518ED834B4B33113_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\531508025E8EDC195574C6A82321C998_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\573CDA83782DEA4E165F1887F723386E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\581C39003E3720DCB8B4E740D064B006_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\561D7727C75565B846ADE14C8C00C630_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\57C6C8F41F901CACE88AE4DE38C37D44_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58E8F14241E795BA708823193EEA83FF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5861528B295ABA4FD36774DF332057BA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\57BF560352D93942BFE0BCCB23071473_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\596D0688327B7539FA550081392AB8B7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59B512FD678A2D9FB3D24C87CC8EF2C5_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C9510C1CB50E9CD76F9ADE3A6AC58AB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E3C6391169554875BB157832450EC9B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D5C6CC0D220D50805C6AFDDBF5344A7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58C0F86586D4EFE408CB6BB54236C998_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F685D62D200494C288E20574B6F170A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5DCF38B519E401B928433B23A3CD4147_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5FC69B536EA4702B982AFDBFA479AFEF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E5B4E04B1CE94B35EAC824C9813688D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60ACD8938A7FB28D889205329B389A8D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5ED4148365DF4A4E2A32197B1588C163_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F9DA2EAEE63EE6322F582865B99856A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60ADA220D20B1BEECBA342FC9662E6ED_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\61139557A18C997B3472D53E6BA21973_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\615CE3650C6C19BD5FEBEEFD27871393_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6265D47E7BA4B885AFC44DDA1BB6599A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\626B49D035C17E43C442656684D6DD52_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\613C7BC1EA04D835044FAF36484A85FD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6018F1B841739980ED3911B45B518AF5_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6181C4648EC9BE90A4564D1DF03044EF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\62E5B3BD3C3314EBA2A847008161038E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6306B9621303D9F58396DD627FA35A7E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63468EA723C87D6E7CA60197A5385975_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\649DF71D63114CF59465F5E77209B0B7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6360F46A313EB96E5A35553A546097D2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63A45C59AD05C267B02DDA8131810C53_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\657DDB25F6C2744A8693B2F44DF0D25D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\63CE45B8E8C53323C6E7D15836D949AF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\663900A5FFC5BEB218604869A76411AD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\65A0C6962BB4092F07E43687DC8B4503_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67F4A0DBFC7CED5DC4F08323DD7F41B5_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6974BAFF865A5710CFB497B5EC714B91_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69D5CB5C61383F7B0E4F02B66F8E7929_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68C4941F5338249CE43896FAA43B8D91_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\683541D43AA75272E088498684AEA13F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\677E81BC43AACA6BA01C23D41542CF6C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B84EB10F02D39414B5538CF33BB1739_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B1A95F66F30FBD2050C7B98A066CACF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6A20E246A1A3417DD9B6B2CD72433095_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D6BA6331DEC9DCC7EFD2107EF031829_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6EF7787B0ECC9EDED13113BA6A628C5C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C3BE4971534CFD0C085EA1724AE3BA8_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F7855A58A75A4EA4EDEED7AAB61BF25_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F30779C1A9BA21ED3609E165E150BBA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7025E24242F2A026699547CD571B5EAD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70606E289EFFA5F322DAE37061F8AB89_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7084B9575B4C6552CBDD3FC90867497F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B28C76F38CA791881DC1EE54D37A5FE_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FD516E96DF30D960E347270E8EF19F9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6BE9ED4DD9CF1567E233066A0179A294_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\730145DAAAD73B6DF36AB58183F9B28E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70CEA382FCB53B18DF11E81A490FFCA4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\726DBD819B48731AD08CFC66B9FB7582_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\765948EF94946E6112424C1EA754DF04_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74622F9D4247F11EC667708D64AD29F1_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\752734CE9EAD30104A0686ECAD749E99_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7765FC800E9C471D88C55166D517CA58_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76AA8DE38403B2DC8C827986527F298F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7829C232E8E1F945F1D2FF2D2BF76489_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\786CEC842D8096CA44BFB3A9EEA2C922_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76E32847383CD5B3E0CEE2E31C59E430_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\70B7720A81D0146228DE383E50BC68BB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B2AF71E78809C2D3BCF75A2A58968A7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\79878431E4973A72E762AB01A94CBA25_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7768C8AD1D272CDBA71134B7094F3D72_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7DADB20755009AE32BFC4F7F3A0C25B4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D5D1481929DFCFCB2B4F577B383F415_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\803860693328C374801E0CC34FD8B7C3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D79D427031F04D88D45C5F96E12EF1C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\80A677BA8F8D4FF2C38553FAA92623F9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\801AAF46013DC68AECFE2B499CEEF12B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\852B633BB7CF0A630AF05E9A3773018C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C9DF3DD6C5C67759DA058AEF9BFDEDC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\808073BE401A8F96CE246FE1C5987427_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88FFBC22144D9DE69EEC9451C6165B96_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8570A26F316A2CFA436E64F5A07D8CA0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87B7A037487B06599395096ABF423D2F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\829AD5267F4B99F4C633C12D33A3495A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BD18665F8A4F904232E68AACAC6C03C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8CEB28B3DF3B6D09A7452F67936E30D6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B43C82BD9FA62C81D622F1C4BC6BBCE_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BB72FB093F17E05EBC2CE2EF215D279_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D5EE586B5C905521D354B0F5747C436_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8DA0584A10CF26BEB535A7211B1EFE53_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A4DB614377B563A08C0183A039BC9E6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\913EF022F0A11E44BCE54F6F616C793F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\91B9B792D9CE9C6EEA22697E58FABFD1_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E1772AB78001B112FC02457763CD38D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\91958937F62EA8EE252196A70290D929_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93A714B0C39446FC9A019C677A96D211_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\901F7FBC342547277E15AE7896AA97EA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93F137C43ACF645B61D303B8B57B4DAE_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\94489301E1FDC68168607ADC7D9AEA0A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93BFCFADD494A491B8D54E1ADD4578DA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92A9AE7D323BBF2FAE1F8697246B52A0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96323C27848CC013BB2EDE88EA87C992_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\948A76218A4C6049B6997014EBFCA4BC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9821942BBCF60AE364F36604E04A179A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\983699797FB44874AE685F07EB3B3AF9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\97933665BF2F9E0300C85AF38DDB0989_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9503285AF55E2C60AD4D050A36B618D7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98CAB1E7F58AE17D229040F84ED1DCF3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98FBFE99370F1851D476C6AFEE24A31C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A5D3A0EB95945851B36F41E1482F0FF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\99B8F8CFD91C69473696754D65C76178_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\935260ACD7B5834045C02BC2F5222BA7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9BA5279DBBD70CB95C1E102683D68AA6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9A36FEB5B203A489B01A4A81BFDD82E9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9ACA26229A7013782F21C28FC306385F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9AEA8B0E26812871BEEAC4048E42813E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9BF08A69E48358021EC4B1EA8DEBB8F4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E3B372137BD06AEDD41324732D7564C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F9149051BBAAF491DC18FF57AD94A27_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C8786EC40B92B573EA1986002FDB9B6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9DD6574BAA646E18F46D1C9DB1DBF7DA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9C0B80853EC714370F5AAEA610C600F3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0EF6D9379D9F58DBE06C6B3E10AD501_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0A8C30C98400F4D956E9F97DBFC1F59_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A12AC09E9C93754641B4A33C50D8A81C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0C479618F9E1CAFE26EB7A0097F5EC7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A297B0E51BE06B2BCB6BB07B42436267_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A23E7A6BB0BA3E7DF437B87356CF0919_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A106A2F0128213F9B06F2CF5625FEB7E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A53D5ED0FC4BD71DE045340E5FB05FBC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3077F6DFFAF4CED30EAC05EA5FD5CD9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A49636AF1D5A2206A0755C684F73C4B1_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A575D527C72E7B80D7D9BD144981B7F7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5438211C0EBEA701054957455A0A2D6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0240A6CBED4E91D58C7210C32A1C48D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7FC22BBD428B058D24AC75DD3F7EDA1_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5470DCBF0D71759412D179AD9123B2E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5E494697FB91385FE40615B22607D88_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7C6AF6A9475AB1AD4C5B316ED8CBEE8_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA86A30383C04D887B28C065D6BAC9F4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA7A2B475867B82208FE58DB969D1DDC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A83D0B23F31B5715B978AE218DDC379E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ABDAC488B275F31D057CC1BA80CE0BEC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB25937A7662E9A7BD2E048C3EF01C0E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA3415ED879BAFF78F2CC653AEDD08FD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACA1D8311E65FFC07221F44432CE9D07_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ABE86A9C0D8E429B4DE73B42721AAA34_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ABEFBBE476C13C887C0407C6EEF677DB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE0E60876554965E0E05DBA10BD1CDE3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACD31B86BC59C4A6C511DBCAC81CF432_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD758123E6F98A3D436D1F8CB7AD56E4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AED3DEB9715928C62BE6A354FAF6A7E0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF0B71DA893E97C145C2B1D90D3C1028_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF26E74131865EF30AB1E5E0BAEB62F9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB9C0E410A24A9A975A0F4C858E4DF63_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE7E01B6B8214D556BD7C13D7724F816_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B017A358219BFE5AC0299656D23103A7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF5EFC9FD5B7164859A7D16B8B006F8F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE86982D8981DF9BFE41B2AFD250366F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AFD84E373DCC412DCE523529924D33EE_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B11F101A29CFD8DD2F56347418834C71_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4C1E255E329E38B2D519FF490CA084E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B1F8305D2F5FB52207C53A7D88201417_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3E03697A3860EA558454D4E711EB16F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B16EB4A2DCFF65DD794CD901C34EE1B0_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4E4E58A721F0F1B2BD3DA61BEDEE8CA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7258926896284FC8C0B259D01D42945_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6DFEC1B8D3A91677D9ACB249B7CE2C4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4D84616BA8793A9634CCCE4968C5CF3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B751052BCD7DBE8854A12253D7CBA73C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7FBFD15952EAAA5DD128D0522F4C209_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B53919E792E7D6433870055FBE83D256_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7C55FBA137488D940E1B798D47EE03D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7BC394DD45C617C3808E1F6FD361F0A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B9848557A8D1F6D9093B0582C7E8AB9D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAD72C002B52090F6295EDFA13A9C4FF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA7E1F97AE01132ABDFFBA8BE98C5E3D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAE520BAFA60EF904734A82543371069_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD51F3AF4C2E19E04F39EB3817D29BA2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBBE2FCB0BE7A5F6C4E1D3542A82928D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC4CBE240FA5CB1195E74C640F37FF51_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BEC5CC54C5790F094566C7CF9B3C1DCD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BDC3274AD1EA2285FCC836ED279F67ED_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE65801096C052A2658A2E0132B44989_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBDB1016C0D797B3FEC44DB97315DC3B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF53DE11A5E6CFA04A76DD98CF9DC0BF_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BEF87C71289E6CE815515C3EFD377AB3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF9623C9E2F45B113A67ED401C8EB7EB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C01CB8E7D57FB4FEE5C2D1B0EF35BF2B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4448D238358442AE0B9F6604B7D5A67_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C597634751823BE1636729003AD53B59_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFBDB8325A5FBD027E40501F3F638B35_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5C3AB7DF4F27E9FD1C1ECC99E64F18A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C61C614D3136BECEF8DE1AFE446C8521_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6060286D2528BC72A8709C9640F8228_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8A4DAF12D706BAF554C92A0E52A4220_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CAC69D05B1E8CD1FC67937B60B4DE5ED_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD92D24BCC5D33FDEFF5E9C3E0E8A4C3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD1EB4674FBFE70BFD5FC62B9D406BF6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC5EC2AA8ACCA0AC830C81D749655814_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE06240CC33C78B72D8A012E50881191_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD945AC84BCBAC460DFCB3C1F1ABE829_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9A27B528D9FD9C23290FDE2BCED6A1A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D08AD93DBD934C3166E3294DE2EA8E6A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE8882B30653FECC2B8FF1C8A22A83C9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE637A93689A7022862394BB726C092D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D70127E86E66D11B2172E99B50CA2EA8_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDA3E7BE8B4A30A0EB570D4B2057353C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCE8857EBD625790698FBBCB25C94E94_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3E65AACFA390F12F8FB30CDBDAB4C6D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E0EEFAA386B5A4A0AE79DF8134390EDE_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D2743BAB464DC9261CE2619578B12399_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E17144843AAF7BFD5543CC745274C1E7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E00FBF163F66A6911DF72E2CEF06400A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E1CD870D878DC045209CAB9A334DBAF7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E1EBFE42FAD4C928CC76BAE1AEF24F9F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E0F0E878F642C41F261AB4FC8200D598_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D70F302ED07F038DB9CB0543A6C1ACA4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E285975BB4021AEEEBE4573143CFDFA9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E1F900E85A2928906F1C0231A11A12B5_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E1C7D59A9B53B81F5D6C68C7DF792537_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E30B31A47C4CC0D4F04E903799D81C97_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3DD3B4E6776B41CCB454D91F265CB91_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3F60566934B74C29DD2DC8D8AF9827B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2604AB9B97AE3001664F274685330FA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4B503376BE801F3C4CB0BE38D05E54C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4631138E60CBACAAC7F5C8085A4C286_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6426EB95389BCB5A381F8B5F2F383B7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5447F973003D73E33AB0767E6007CE9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6C2F84386D09AA61537BA4690E139FB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E68AF01768B9FB513EAE3C61F7C57916_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5D820071EFED26E7E9E302D920F1972_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4DDCADBAC5E1BD76216983B4E732312_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7DB1977A821142D3DBE651F0CC7194A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E812CCE496C9F1EE04A5BF7551656CB2_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9220A77DBCD8F29ED5143FE83B51D64_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E875BF669732607A039BC09C9AC4F46C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA14C1822DE3006909929D4E4D4B75BB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8D8ECCDAD7534FEC0B0A993FFEF63D9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E7259BAE0D73D48F68E38E9ACE35C775_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9256BC26452B11163AA891EC2BCAC0B_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EAF24E7EA8CB79410FCD5C264E735307_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA705C9C5C18DA09723601707736312C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EACC72FD51B72452736808CC1A5F48F4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE6E2CADC71ED0C59A6B94B025436949_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EBFEAEE6B721F862E5FA15E5CB38B6EB_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFEB02F74BB256C90B57E94A54306374_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA6DCCFEBF34CC830FD704132B72C343_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0D28A12E170342941E806ABB2A0A05C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED8601244DD0E9AA9025EFE957EB88E4_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F02F48F93AF8C243022B87959C080D76_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F28EC7047D1C23AF5FF83B0BF30CB103_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F239ABF24BDFA3A328EA9209682F71B9_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFBA8CEE0B9528497D93D7AEE5ED702C_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2F4004823C5FB0A1E2DCA37F42522FD_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3A64D29AFFB71CAF5C63904C4E64EB7_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4CE24EC185E109FEC37585357635749_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4F5F35BD70C9B32E83B1479EFFAB769_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4C6C3F0F4B2347D607D825286B3539A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F67BA96CCA6DDF549D17A94BA3177CB3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5F45143B0A98E0D4A8737A178C5CBA3_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2F10E6C9B1489C09B7320E420AAB6F6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F226ACA6748CA4CDF24ECD1D31D1B452_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F74DD3A47883A3F589CE8BCD51E65A88_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F710B338F84ED29E088215FF11FC108F_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F956EAE4AF2E3111F31051DAEE365D95_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F68667E7700220E2806CF594517B2484_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F85F6F3B0CC51E8E868B1ABA1F64C19D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB69A7F6E375FA06BA0CC672585968FC_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB9472DBB42D4E69DD24B58A20EC6A59_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA44D054B9F49B097B12098E7CA6387A_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F68D32CA5014BFA18FBA1197A13A5CD8_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD4591A9A35E1AA369B180EA4BD52F17_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC329F4B6A944502BD3B3D3084C6A53E_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FC8877FAE3B6910581573ED71261A0FA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA21C43BDD6664F43441E3FBE22E1E47_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE4AC3EAB917C9AF0D1B83A93F17CCCA_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE2E3D998769C317414BACEB94DBA616_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FEB8F7B73C23D36933730B0E1BFE194D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FDE0B4E3E3CAAC90F0576CECEBB582D6_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD593FD4BC06713F50028B6EFAF09101_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE591029B19E362D21A73E2A93E2A81D_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFA4FD17F0B4CC876216F9B38C4E2C53_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF6C43044095015B3585EE927FA26A66_2F18A32F-D786-43C4-A597-24A40FD45787
    * C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFE9FAD76108185EB86AAA435DFC0199_2F18A32F-D786-43C4-A597-24A40FD45787

Optionen
Scan-Engines:

Scanoptionen:

    * Festgelegte Dateien scannen: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Erweiterte Heuristik verwenden

kira 05.08.2010 23:53
hi

den Java-Cache leeren - wie unter Punkt 7. u. 8. beschrieben *klick
über Systemsteuerung -> Java...

Ändere deine Passworte und Zugangsdaten! - von einem sauberen System aus

Lesestoff:
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
wünsch Dir alles Gute:)


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131