Lange Bootzeit und ständige Kaspersky 2013 Fehler

Roperi · 23.04.2013, 19:45

Hallo zusammen,

ich hoffe, Ihr könnt mir weiterhelfen. Ich bin gar nicht sicher, ob etwas im Argen ist, aber das Fehlerbild ist schon seltsam.

Ich habe seit einigen Tagen extrem lange Bootzeiten. Ich habe mich noch nicht mit der Stopuhr hingesetzt, würde aber auf 2 - 2,5 Minuten tippen bis der Rechner vollständig Einsatzfähig ist.

Weiterhin steigt im normalen Betrieb ständig mein Kaspersky Interner Security 2013 aus, meldet eine Deaktivierung und setzt sich dann im Regelfall innerhalb einer Minute wieder selber auf aktiv. Jedesmal kommt dann die Bitte eine Fehlerbericht an Kaspersky zu senden. Die müssen mich inzwischen hassen, so viele Berichte habe ich in den letzten Tagen geschickt.

Gefühlt habe ich kein akutes Problem, würde euch aber bitten, mal auf die Logs zu schauen, ob doch was im Argen ist.

Lieben Dank vorab.

Gruß Roperi

Defogger disable:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:28 on 23/04/2013 (Agando)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL:

Code:

ATTFilter

OTL logfile created on: 23.04.2013 20:22:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Agando\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,94 Gb Available Physical Memory | 74,44% Memory free
15,97 Gb Paging File | 13,77 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 244,14 Gb Free Space | 52,43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ROLFPC | User Name: Agando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.23 20:20:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Agando\Desktop\OTL.exe
PRC - [2013.03.24 10:46:23 | 000,976,672 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.03.24 10:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.24 10:40:57 | 001,074,976 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.28 13:34:23 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012.09.19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012.09.19 22:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012.09.19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.10.05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.27 08:38:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.03.27 08:37:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.03.27 08:36:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.03.27 08:36:42 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.03.27 08:36:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.03.27 08:36:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.03.27 08:36:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.03.27 08:36:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 23:57:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.24 10:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.03.13 19:19:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.28 13:34:23 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012.09.19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012.09.19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011.11.14 11:16:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Agando\AppData\Local\Temp\7zS2B8F\hpslpsvc64.dll -- (HPSLPSVC)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.22 17:17:43 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.04.22 17:17:43 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.04.22 17:17:43 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.10.25 13:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 13:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.21 02:00:00 | 000,982,784 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb5.sys -- (fwlanusb5)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.05.31 19:15:54 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2012.04.25 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.myvideo.de/"
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Agando\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Agando\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.11 07:16:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 19:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.11 07:16:59 | 000,000,000 | ---D | M]
 
[2012.03.04 17:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agando\AppData\Roaming\mozilla\Extensions
[2013.04.07 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agando\AppData\Roaming\mozilla\Firefox\Profiles\u5te949r.default\extensions
[2013.04.07 11:51:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Agando\AppData\Roaming\mozilla\Firefox\Profiles\u5te949r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.09 17:56:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Agando\AppData\Roaming\mozilla\Firefox\Profiles\u5te949r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.22 17:17:45 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.13 19:19:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.25 23:13:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.25 23:13:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.25 23:13:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.25 23:13:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.25 23:13:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.25 23:13:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.facebook.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Agando\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Java Populars! = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\oapojegdcjjaeehmicinhimakliedchj\1.2_0\
CHR - Extension: Google Mail = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.7\PriceGongIE.dll File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Agando\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Agando\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0758D83C-510B-4085-B702-5F0D4DE28990}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A41C850-54AE-4DAF-BB2D-3E145A0047D7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B459486-0025-4C0D-BE15-AFD4513D71FE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{307e23a7-9942-11e2-94c9-f8d1110306fd}\Shell - "" = AutoRun
O33 - MountPoints2\{307e23a7-9942-11e2-94c9-f8d1110306fd}\Shell\AutoRun\command - "" = E:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.23 20:20:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Agando\Desktop\OTL.exe
[2013.04.23 20:05:36 | 000,000,000 | ---D | C] -- C:\Klaus
[2013.04.23 20:05:15 | 000,000,000 | ---D | C] -- C:\Users\Agando\Desktop\Neuer Ordner
[2013.04.23 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{0F7FBF1E-2403-4564-ADD7-E5C2FD375F2E}
[2013.04.22 06:36:00 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{C85DB167-C106-4B4D-AE41-DB11DF2E49AD}
[2013.04.21 08:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.21 08:29:31 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{F6936F8F-AA6F-4D03-A32A-3B60BF6DB2C6}
[2013.04.20 14:45:11 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{5F01CBAE-B0B0-4592-B2A4-165DE803675F}
[2013.04.19 06:00:19 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{A507DD92-9176-41B9-BD8C-42B6D352BE95}
[2013.04.18 06:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.17 15:11:28 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{7829254A-DC52-4C8E-9581-1027E3135537}
[2013.04.16 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{50D98442-B579-406F-B3D4-A15EFE44DF0E}
[2013.04.15 20:05:53 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{0AFE137F-AF7F-499A-BA9C-1D35A7670FCE}
[2013.04.14 22:55:05 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{FEAC9659-19AB-4C3B-AE73-1E9325FDC631}
[2013.04.13 17:02:23 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{7B6901DF-0C82-43FC-8BAA-1B1E3FCAFA4E}
[2013.04.12 06:44:47 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{5A50EB66-54CE-4D0B-A056-84D3C73AAB83}
[2013.04.10 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{526BB206-08F0-4675-8383-A920CEC73F72}
[2013.04.10 17:59:49 | 000,480,632 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex
[2013.04.10 17:50:12 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{6BEABDD2-DA10-4F1B-9CF8-B9A44F8F5C8B}
[2013.04.10 17:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
[2013.04.10 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\TP-LINK
[2013.04.10 17:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.04.10 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.04.10 17:19:07 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2013.04.10 17:19:07 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2013.04.10 17:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.04.08 19:10:33 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{D9A2798C-D554-4CB0-9524-5212FC6A9385}
[2013.04.07 20:16:43 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{3EE07C63-EF2C-48F3-A89C-D7597D9DDB5C}
[2013.04.07 00:52:24 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{D855DA1C-F2C4-4C3F-913A-353630E3596C}
[2013.04.06 08:48:56 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{FC3C76DC-A1AD-499F-B7C5-C6A3A895C8EB}
[2013.04.06 00:51:08 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Vampire aus Nr. 13
[2013.04.05 13:58:27 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{77F334E6-A082-4C0F-9B10-60F0526DC3E8}
[2013.04.04 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Milinda Wind
[2013.04.04 21:27:25 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Der Schatten der Dämmerung
[2013.04.04 21:08:03 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Das Geheimnis des Korsaren
[2013.04.04 15:35:09 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Das Geheimnis der ägyptischen Mumie
[2013.04.04 15:27:04 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\cerasus.media
[2013.04.04 15:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\100% Wimmelbild
[2013.04.04 15:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\100% Wimmelbild
[2013.04.04 15:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Stories - Expedition des Grauens
[2013.04.04 15:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery Stories - Expedition des Grauens
[2013.04.04 15:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Stories - Das Geisterschiff
[2013.04.04 15:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery Stories - Das Geisterschiff
[2013.04.04 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\Agando\Desktop\Wimmelbild
[2013.04.04 15:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery 2
[2013.04.04 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery 2
[2013.04.03 20:15:33 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{EC0443AC-B856-4D21-939D-8F65A4FAC56D}
[2013.04.03 14:13:55 | 000,000,000 | ---D | C] -- C:\Users\Agando\Desktop\Unitymedia Geschwindigkeitstest_files
[2013.04.02 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Magic3
[2013.04.02 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{C02F87BA-2B63-4ACA-8AC3-847389239BEA}
[2013.04.02 18:28:14 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\V-Games
[2013.04.02 18:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
[2013.04.02 18:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Purplehills
[2013.04.01 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{5DC72DA4-269A-4253-90A3-CD8CBF9CE2E9}
[2013.04.01 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{841EADA6-0C3C-4C7E-8B20-AD2864593404}
[2013.03.31 18:12:18 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{9514B1BE-5A26-4AB9-B531-66A60669A2DD}
[2013.03.30 16:20:56 | 000,982,784 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusb5.sys
[2013.03.30 16:20:56 | 000,099,840 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwlan5ci.dll
[2013.03.30 16:20:52 | 000,014,120 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2013.03.30 16:20:52 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2013.03.30 16:20:42 | 000,000,000 | ---D | C] -- C:\Users\Agando\AVM_Driver
[2013.03.30 16:04:18 | 000,025,056 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2013.03.29 23:20:57 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{D0330BBC-A4CA-416C-BF72-695CB2CDE4C5}
[2013.03.28 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{8AAC3347-921A-4F65-A713-56578312C248}
[2013.03.27 12:48:12 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{C4D1C1D9-EBE6-40E7-BCB4-0DCE16DF6006}
[2013.03.27 10:12:51 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{D243B813-E8AB-4EC2-B090-DE2BF069695C}
[2013.03.26 21:54:12 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{DC87DEF3-F605-4C21-AE94-6BB5500A0DA2}
[2013.03.26 07:13:44 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{534B057A-11EF-4324-8106-36011848C1BE}
[2013.03.25 18:10:32 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{1748C549-0A85-451D-9F97-08D3610AB663}
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.23 20:21:38 | 000,000,000 | ---- | M] () -- C:\Users\Agando\defogger_reenable
[2013.04.23 20:20:46 | 000,050,477 | ---- | M] () -- C:\Users\Agando\Desktop\Defogger.exe
[2013.04.23 20:20:38 | 000,377,856 | ---- | M] () -- C:\Users\Agando\Desktop\gmer_2.1.19163.exe
[2013.04.23 20:20:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Agando\Desktop\OTL.exe
[2013.04.23 20:08:06 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2683148460-86017118-230150774-1000UA.job
[2013.04.23 20:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.23 20:00:43 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 20:00:43 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 19:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.23 19:52:47 | 2134,347,775 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 17:08:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2683148460-86017118-230150774-1000Core.job
[2013.04.22 17:17:43 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.22 17:17:43 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.04.22 17:17:43 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.04.22 17:17:43 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.04.17 09:21:13 | 001,614,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.17 09:21:13 | 000,697,292 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.17 09:21:13 | 000,652,610 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.17 09:21:13 | 000,148,330 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.17 09:21:13 | 000,121,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.15 18:30:36 | 000,002,029 | ---- | M] () -- C:\Users\Agando\Desktop\MyBookLive (192.168.0.103).lnk
[2013.04.11 05:09:07 | 000,002,363 | ---- | M] () -- C:\Users\Agando\Desktop\Google Chrome.lnk
[2013.04.10 19:19:36 | 000,344,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 18:01:03 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 17:38:30 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\WD Link.lnk
[2013.04.10 17:19:50 | 000,002,187 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
[2013.04.10 17:19:50 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK-Konfigurationstool.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.03 14:13:55 | 000,004,206 | ---- | M] () -- C:\Users\Agando\Desktop\Unitymedia Geschwindigkeitstest.htm
[2013.03.30 16:06:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2013.03.27 07:47:49 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.27 07:47:49 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.27 07:46:46 | 001,591,946 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.26 19:35:38 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.23 20:21:38 | 000,000,000 | ---- | C] () -- C:\Users\Agando\defogger_reenable
[2013.04.23 20:20:46 | 000,050,477 | ---- | C] () -- C:\Users\Agando\Desktop\Defogger.exe
[2013.04.23 20:20:38 | 000,377,856 | ---- | C] () -- C:\Users\Agando\Desktop\gmer_2.1.19163.exe
[2013.04.15 18:30:36 | 000,002,029 | ---- | C] () -- C:\Users\Agando\Desktop\MyBookLive (192.168.0.103).lnk
[2013.04.10 17:38:30 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\WD Link.lnk
[2013.04.10 17:19:50 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
[2013.04.10 17:19:50 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK-Konfigurationstool.lnk
[2013.04.10 17:19:07 | 000,021,215 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2013.04.10 17:19:07 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2013.04.03 14:13:55 | 000,004,206 | ---- | C] () -- C:\Users\Agando\Desktop\Unitymedia Geschwindigkeitstest.htm
[2013.03.30 16:06:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2013.03.27 07:47:49 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.27 07:47:49 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.04 22:55:23 | 000,000,045 | ---- | C] () -- C:\ProgramData\.SimImages
[2013.01.17 15:45:14 | 000,003,584 | ---- | C] () -- C:\Users\Agando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.11 07:13:22 | 000,245,553 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.05.11 07:13:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.03.09 17:28:15 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2012.03.09 17:28:13 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012.03.04 16:39:39 | 000,017,408 | ---- | C] () -- C:\Users\Agando\AppData\Local\WebpageIcons.db
[2012.03.03 10:56:06 | 001,591,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.03 10:09:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.03.03 10:05:25 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.20 06:58:38 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\AllDup
[2013.04.06 00:30:26 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\cerasus.media
[2013.04.04 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Das Geheimnis der ägyptischen Mumie
[2013.04.04 21:27:09 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Das Geheimnis des Korsaren
[2013.04.04 21:28:06 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Der Schatten der Dämmerung
[2013.02.24 11:24:52 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\DesktopIconForAmazon
[2013.02.24 11:25:06 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\DVDVideoSoft
[2013.01.12 20:02:34 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\GHISLER
[2013.03.03 13:50:17 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\IN-MEDIAKG
[2012.07.30 21:23:32 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\IrfanView
[2013.04.02 23:49:52 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Magic3
[2013.04.04 21:29:06 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Milinda Wind
[2013.03.03 13:52:06 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\mresreg
[2012.03.04 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Opera
[2012.11.21 22:06:45 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\pdf995
[2013.03.03 14:57:29 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Picajet.com
[2012.06.28 23:01:17 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\PopCap Games
[2012.03.03 10:56:28 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\TP
[2013.04.10 17:22:07 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\TP-LINK
[2013.02.04 21:20:14 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\TS3Client
[2013.04.02 18:47:52 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\V-Games
[2013.04.06 00:53:02 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Vampire aus Nr. 13
[2012.03.04 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\Windows Live Writer
[2012.12.12 20:11:19 | 000,000,000 | ---D | M] -- C:\Users\Agando\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >

Und Gmer:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-23 20:35:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.15.0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Agando\AppData\Local\Temp\uwldrpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000074e11465 2 bytes [E1, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000074e114bb 2 bytes [E1, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000074e11465 2 bytes [E1, 74]
.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000074e114bb 2 bytes [E1, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000074e11465 2 bytes [E1, 74]
.text   C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[2472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000074e114bb 2 bytes [E1, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000074e11465 2 bytes [E1, 74]
.text   C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     0000000074e114bb 2 bytes [E1, 74]
.text   ...                                                                                                                                                    * 2
?       C:\Windows\system32\mssprxy.dll [3556] entry point in ".rdata" section                                                                                 00000000632371e6
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074e11465 2 bytes [E1, 74]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074e114bb 2 bytes [E1, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000074e11465 2 bytes [E1, 74]
.text   C:\Program Files (x86)\Windows Media Player\wmplayer.exe[4828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000074e114bb 2 bytes [E1, 74]
.text   ...                                                                                                                                                    * 2
?       C:\Windows\system32\mssprxy.dll [4828] entry point in ".rdata" section                                                                                 00000000632371e6
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                       000000007736fa88 5 bytes JMP 0000000171c4139e
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                0000000077370018 5 bytes JMP 0000000171c41a54

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                        [fffff88004f75d18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5968:6720]                                                                                         000007fefb392a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5968:6728]                                                                                         000007feecb6d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5968:7124]                                                                                         000007fef8555124
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5968:1584]                                                                                         000007feecb6d618
Thread  C:\Windows\System32\svchost.exe [1576:3200]                                                                                                            000007feeebb9688

---- EOF - GMER 2.1 ----

Danke fürs schauen.

M-K-D-B · 24.04.2013, 15:00

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Weißt du noch, was du getan hast, bevor dein Rechner so langsam wurde? Evtl. hast du neue Software (Treiber) oder Hardware installiert?
Wir checken deinen Rechner mal durch, auch wenn ich auf den ersten Blick nicht viel sehe.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von ComboFix.

Roperi · 24.04.2013, 17:33

Hallo Matthias,

zunächst einmal danke fürs nachschauen und helfen.

Seit wann ich diese Einschränkung habe, oder was der Indikator war kann ich ganz genau sagen. Ich habe vor 3 Wochen den Internetanbieter gewechselt und gehe nun nicht wie vorher über LAN online sondern über W LAN. Die Treibersoftware für meinen TP Link W LAN Adabter habe ich dazu installiert und auf den neuesten Stand gebracht. Ich bin mir ziemlich sicher, dass diese Umstellung zu den Performance Einschränkungen führte.

Ich möchte aber an der Stelle noch mal anmerken, dass ich NICHT meine Internet-Performance bemängel, sondern den Bootvorgang des Rechners und das ständige aussteigen von Kaspersky. :-)

Hier die Logfiles:

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v2.202 - Datei am 24/04/2013 um 18:04:01 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Agando - ROLFPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Agando\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Agando\AppData\Roaming\DesktopIconForAmazon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\u5te949r.default\prefs.js

C:\Users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\u5te949r.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\yvhlkd2r.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\Agando\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3252 octets] - [24/04/2013 18:03:35]
AdwCleaner[S1].txt - [3285 octets] - [24/04/2013 18:04:01]

########## EOF - C:\AdwCleaner[S1].txt - [3345 octets] ##########

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Agando on 24.04.2013 at 18:07:12,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\install.res.1031.dll



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{008398DC-442C-4E54-A1CF-33D282678A8D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{008CE071-CE69-48AB-A0AC-FCB24DA15A4F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0192E673-AE20-42E2-A07A-2D7EC5A46D26}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{02F3E6EA-F57F-4E40-BD97-650EB41D27F3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0341350B-191C-41AC-99B6-62318546E475}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0411AE59-421E-43EC-92B5-6FE9755F0486}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{042A2308-FC38-4855-9299-0589CC8E878B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{062233B9-9387-4CED-BE37-C99282F5732F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0690A19D-C37D-485D-A97B-9EDA40E07605}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{07121272-12C4-4019-B4DA-5034D593815D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{073B0ACA-ACC7-4225-8E65-1A19D3822149}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{077E1E21-2F81-4265-8739-D299DC659EF1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{07BBF56A-029E-4D74-893A-94EF37FAF585}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{07C7FD39-6205-4A8D-82B1-C83237DAA026}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{07FA11A0-1028-4559-A121-3F2710BD8D6A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{07FF3651-9A90-4C4E-80A3-E55D458D7A7D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{083812A9-EF53-47BE-812E-F462B3A7C518}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{083AB076-8940-4BB0-8291-FC776E6EECC0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{08D425B9-CB00-42DE-9BB3-8CF6AAD14C22}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0901DD21-702E-4B04-A59F-CBEB4D5019D4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{09E898C9-D588-4EED-822E-34CD70993F6E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{09FEC330-1196-4E1F-B10D-CAB17D1FCE2B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0AFE137F-AF7F-499A-BA9C-1D35A7670FCE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0B343797-5D8E-43A1-81E8-7032F3F7E45F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0C7270BA-7890-4D78-8F85-B36593A9A2C1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0CDCC006-F03E-4895-9B57-E37491D6D9C4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0D2ECE6B-1B0D-4D9B-9D35-EA14EF7682C5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0D3132EE-F760-4689-B73F-4EEEF43D54C6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0D574EA0-421F-4B8B-86DA-935E66D3891D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0D5B5944-9782-492B-A582-FE5EAF36099C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0D6496DF-C121-4759-BAE9-92B4E7AC4165}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0E0AA7ED-0409-457D-9384-BA7A6F6DF030}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0E60CCB1-9538-4CF4-8A38-C2A29B21EAD8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0E638333-7015-4A78-807D-BAD3588C6AE5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0EEB9400-EFDD-4A5D-A812-EACA7D6EA410}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0F34C42E-C3F6-4EC3-BDC7-068A2DC727E1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0F7FBF1E-2403-4564-ADD7-E5C2FD375F2E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{0F89D340-EE47-4771-BF4F-4709FF31E572}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{101AE157-B720-42BE-A024-8AB734B50F3F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{10261A4D-918E-4FA0-A426-AD54059DE786}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{10B7F728-CB13-40F6-BE31-3360693F8918}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{10BF36F4-B8CC-4687-A145-EC7730C5AF56}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{10E926BD-2982-480F-90FA-B65B0A54E45E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{11196B61-DE1F-4BF2-A106-E2CB9D8B7571}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{11CF3879-57CE-40BE-BDC2-6C5B07B6BEEC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{12604DFD-DCC1-4659-9CE5-0322D444CC93}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1281E882-6F56-4725-BD53-63187C190EDA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{12947AA4-4C4C-4AA9-A1C6-3905059EEB54}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{12C641FA-B2B3-464B-8206-8D9AA7A3145E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{12D6D25C-427B-4B88-85D4-E803DF0322B7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{132B6508-AF19-4A46-9673-BFAF91B96684}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{135C0E45-617F-4FCB-8958-24BC385892B4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{13876BAA-3AB9-43D2-8DF5-8EA91F9A8B54}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{13DB79F3-BA36-400E-A343-999EED3E9291}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{14B6096E-1366-4324-AC2E-2A7D82204BC0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{15855A65-9DD6-47FA-B0F1-680CDDFEEC9F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{15C3A36F-A656-434B-B641-8AC86DCE3D2B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{168D1559-D1E0-48D0-BEB4-C15B69200C07}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{17074676-5B44-4D75-9885-2071B54B65E0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1748C549-0A85-451D-9F97-08D3610AB663}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{17AA2BE3-78BD-45AC-AF89-9BA826C1570D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{17BA91E8-31B8-444F-B17F-1435093CA915}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1A93FC88-21B8-41C7-94D1-FC24CF05BA48}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1AA3DD00-25A7-4474-BF6D-9E49A5C44EB4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1B5737F5-6A41-410D-B82D-BB5E249BBA47}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1B924C8B-C6B0-4C6C-B812-76B8B3E4A66D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1B9594CD-CA25-4164-9FCA-434F83329431}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1C4A4CA1-0412-4D88-B460-8E793B81FF61}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1C6A22FD-98C8-42DD-8D24-6B8E4861628F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1DA204F2-64D7-425F-A774-D8039D6A5ED4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1E41FA3F-4F74-455D-9083-DCFD8A684C1E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1E6F1F69-7F21-48D7-934E-451943E4C993}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{1F1B833F-635E-40D1-9CD8-8EDE562BE34A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{21DD15E9-AE35-441E-A7B6-8ECDB6B56D86}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2256D2B3-1345-489F-918D-94EF56D42577}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{22B307EE-88F6-43F6-AC3D-93EDF957C8DB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{22C2CDF2-70D1-47BB-BB1A-7FEBE877A808}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{232CAE8A-D05E-450A-AEDC-4B7D1583C96C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2361D3EA-7EB2-4029-8354-F75CED94901A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{24058126-045A-4A24-B1F9-8E579A223103}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{240AF944-969C-470B-8C78-BCE46964D726}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{24C0A0C8-A82A-4293-9A10-45783A26F735}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2565BEA7-29D6-41CC-8B9C-B7EE1BD36040}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2586CEF3-DE9E-47B0-B7D7-471F11DB862E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{25E8B282-A926-45E7-B485-6FCC40AD72CF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{25E8BD6A-5AC9-45BB-B93E-A1A43CF3CA20}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{25FE93A1-6092-4A06-BAF3-ABF7E37834F2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2620C99F-4194-4921-A8C4-0E7BE4AFF0C2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{26680573-27EC-4649-8716-E618C9362E1E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2670FF84-0680-401E-8714-9F2BF357CB10}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{26B51BEE-5116-4B57-8A65-490670F355F8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2715DF86-69ED-461A-ADB9-A909F096352E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{273C2973-E9DF-4F99-B552-68873CEC5038}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{278A8A87-0318-41FF-9088-1A3A49BB7A70}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{28B9FBD9-28AE-4D1B-AE31-5829A5BE26E0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{28BB0210-ED98-4BFC-ABDF-7AFD6BBEB9A9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{298C6B63-FB8A-4443-9E55-AF215E27DACC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2A376BD5-1CA8-42F3-A509-C717BFA9A899}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2B0F8D87-1C9A-4110-B50C-AC0A90C6CA64}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2B5A5B1D-B0A6-4B00-8D9D-5F8A87D17735}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2D1D533E-304B-4EA6-9BBF-305F5EBE2C2A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2D4FBEDC-44B2-4128-AA7D-C20A9857C209}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2D83C0C2-ABA7-4612-863D-D30CEEA8B077}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2E5182E2-686E-471E-B8E5-974150840F04}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2F1ADCD3-BF04-47D4-A615-820BCE992BF3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2F666744-5CDB-414C-8969-AB5F2B04CC57}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2FA32B83-77A8-463E-9F75-989AA5E5B8CD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{2FCC756C-2E3C-4E97-8297-AA92C693D779}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{31867277-6804-464D-B144-8D210B7B62E1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{32658D29-1D2E-4C4C-8375-0AAA975D05BC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{32BB437B-221A-4D14-B29C-C9565EAD74EC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{32EBCD4D-FC5D-49DD-A84C-312875271945}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{333DF1BF-4C7B-4ECE-88CC-896CBFD17022}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3472C307-BFA6-4B50-9DDA-6C593CC24FA7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{34C187C8-4A0B-4824-BA73-4FD37056DAF9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{34E220D9-2D30-40A0-8B19-A15313F98833}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{351CFBA6-936B-49CB-9D3C-01EA08FA8B5B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3530E4E0-FED7-400D-A817-C2EB5B9EFFE0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{354259D3-9B25-4E1E-AC52-A7A35047B079}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{36A43951-2854-4829-9A6F-B94558677CE8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{37A4987C-09EF-475B-B618-C7A3BBACDFEF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{37A53711-0D31-4E3C-9F49-9B86A2BEA337}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{37C6C90B-C150-45F9-95EE-5E8633328650}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{37E95D6A-EA60-4D17-931D-52AC7C0561BC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{37E99E5B-CD64-4D36-A350-44E290D87A52}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3825741D-95BD-4ED8-93BF-E1F18653EDEC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3934F13D-B9E9-413B-9337-B7014F4B2B39}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{39A0C1AE-19EB-4922-8973-DB1313EE9F4B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3A1FB6C9-C4C1-4D26-8BE4-7968679AFC25}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3AEB4ACE-24D2-4932-8E8E-E3D1EDD5223B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3B29C1E3-527F-487F-9D38-53EE763D7948}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3D99DE56-2E35-4B49-AFDD-4B3C91744F9E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3DF3F802-15DD-431D-A83B-0870D5540A87}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3E040223-E03C-46B0-801D-30B3C885140C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3E31281B-8CEF-40FE-8D49-9FCAC00946E3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3E4A7461-77B2-4631-BBD0-F8671B893988}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3E74F5A6-6F98-417A-BBD6-CD4EA4106F91}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3EE07C63-EF2C-48F3-A89C-D7597D9DDB5C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3FC03A12-D538-44EB-852A-943A9AD43273}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3FC1D677-3E5E-4E91-85F2-F82E1DC52CC5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{3FD1198B-53B6-47A0-A925-1EC58D4F2752}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{404DE446-208D-41A3-AFA1-7FB24B3CD07D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{406AB424-FD00-48C0-A3C0-2E31B96EB03F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{41875326-6302-460D-B178-C88E60227C38}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{419FC2A1-140E-48D7-A35A-2A2E343D18D4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{41AAC9B0-BE7C-4E38-8435-AD0C4FAD9A7E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4209A30E-BEB1-47A7-B0E3-6FDA89860773}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{429A2917-9D4E-4D71-912F-DE2EF4922C06}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{43276FDF-935E-443F-8A71-30DA8F6B54C0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{43D2EF24-84D7-4BC4-8CD5-B7CC6C393F6D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{440346AE-064B-4A07-B9BC-6C9E433855E4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{44CC2324-9F9A-4B2D-B0A4-E883FA2319B7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{44D83E5D-B35C-44BA-AF9E-42FF2877F76B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{45427D7D-C900-49A2-80FE-AD7482474D16}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{459FBB67-7B1F-4EE2-8B0E-E040D52C73AB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{45BE4D49-813F-4730-B6B3-DCD6833BB3D0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{468230AA-5195-49D9-9DB9-5FBC06FD6B9C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{46E03131-AADB-4662-A582-28E931DD5D57}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{47328D40-DB37-4759-AD52-E761FDDC300E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{473DF289-B350-49FF-97B8-738882EF4093}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{485A6D5D-F442-40C5-811B-45726F799861}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{48A623C3-E821-4D29-B1A4-DD233798D0AB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{49C6798E-5B98-4816-81FC-2D2EB5F90704}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{49E3B0C5-50BF-4DDB-8197-CBED92EA5EE8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4A8907BA-AAA5-4BFE-994E-1F519C4395E9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4B4E15A4-3B3D-425A-83EA-8864727C6953}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4B989399-8540-478F-9C55-C0EBF104012B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4C5EDD48-91E8-47F2-9BAF-233EA8213B6F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4F5147A8-213C-4DF4-8180-5F536519B184}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4F5C2EFC-FDF2-4A1A-9689-4B05FCE8FDC2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4F98B672-881F-4E63-AB80-358369FFD303}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4FB193CF-34DF-4781-AF07-D6D1C965C54A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4FC59E4A-1A07-49EB-BBF1-759964989CDC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4FD91028-7DAB-4FD0-8B93-162A3BDC3834}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{4FF4EE8A-D0B6-4F9A-8043-78013289D3A0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{50A1937A-B43F-48F3-8725-251B4C5ED018}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{50CB8934-11EB-4E94-9C49-087BD4EEF6CD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{50D2D360-4722-4BE0-9D9B-8818913E5672}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{50D98442-B579-406F-B3D4-A15EFE44DF0E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{50DBA711-05F3-4041-A590-A9E80CF4E1FA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{50FE6FD6-2004-48E7-A8BD-774C0DD108A4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5192F861-163F-42EA-AE0B-2FDAF7DFA87D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{51B39EAA-3AD9-427E-9B34-8DDD140AAB7F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{51EBB751-5697-4A22-971C-DFA869C151E4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{520D3F89-BA92-4D66-A2D7-AAE3279C5795}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5229CC75-4714-4B9E-985E-C58194CF305F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{526BB206-08F0-4675-8383-A920CEC73F72}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{52BCF768-41E8-4D3E-A12B-3AFE77A17427}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{52FA4E44-6344-45DA-AC72-ABC1ED86A4FE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{534B057A-11EF-4324-8106-36011848C1BE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{534E52D2-EEBE-46CC-A3FD-38A3EF57BCA0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{535F980C-2927-44FA-AABC-2218459CEBEE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{543CD8C9-32C3-413B-BE52-EA741AC49499}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5469F1E9-E59C-4B46-8B98-2CB4CEF676A6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{54737589-F7CF-47DB-BC8D-4867AC149DB2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{559AC330-2350-4938-9E1F-201BA65F7C19}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{56C839CE-D0A1-46A2-BFDB-9A788BEC6AC2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{56DFEBD3-CC36-47F9-91CF-41BFA9E6FDE8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{57E3DFA1-E1E1-4734-A125-593E4747C118}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{57EAD0DD-A9CA-422F-83DA-0811D231B4D4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{57F1A111-2E44-4610-A80E-14BF3BF1B3E5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{58D2A733-1ECC-40EB-85E1-DAD71D53CE8E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5962AB2F-4FD6-4B83-B20E-67E91E73FA0E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{59C81ADA-3A49-495D-B485-C78AE1D3250A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5A0FC6F0-2888-489D-AE74-7B8AFFEC9823}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5A17F5EC-69CF-4ED2-B140-18902C969AFC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5A25B985-AAC5-439D-A529-183B5A6F506F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5A2BF07E-0CFC-40F6-9FAF-97835353678B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5A50EB66-54CE-4D0B-A056-84D3C73AAB83}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5AD93899-671F-4719-A99E-0E0585AED27A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5AEF0BDD-8C7F-4557-87E3-EC766BECBCB7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5B351C79-CE15-45C4-8A97-989A83C498C2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5C32254A-0ED5-4B0E-B37C-155A2B27D080}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5C6672E5-51EE-40BF-8739-1C0D2BE53124}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5C96E54F-8A1C-419D-AA25-7DE3754C3160}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5D533B0C-36B5-4C28-8EE7-AE6AA4746DA0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5DC72DA4-269A-4253-90A3-CD8CBF9CE2E9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5E8914B3-115C-4F89-BE31-40C80D33798F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5E9001D7-2517-42E9-8CCE-B862A91145F6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5F01CBAE-B0B0-4592-B2A4-165DE803675F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{5F7F207C-672E-4EEF-A1BF-1ABB3CC52843}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{600E3571-E4FA-41FA-A98B-E7B8CA1D0783}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{602C58DC-C96E-44AD-9DA9-08E05BEF096A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{60C588B9-70F0-4017-AB3B-6942D579D81A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6129D525-495C-4ACD-86B4-55C280F193FD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{619137C5-42E4-431F-8B65-C712FDB69A09}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{61B2F564-1A3E-43C6-AB4D-DB7BE7CFE579}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{61CD6D48-5B33-46B1-A989-19EA7DE63BE2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6270BF2A-054D-407F-824D-C828C468B1D4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{62C18B77-4856-47E7-908F-9E054F7FF1DD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{644FBD49-B50F-4BCB-A1DD-B980401221D3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{64E620F2-5EA4-487B-BE53-AD567E15FA5A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{658FB16D-0261-4FC4-8F2F-84E680C3B889}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6626D2CB-E487-44E8-A67F-C0AF392713D6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{66B6276A-D65B-4EB1-82D9-66D2602BE82B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{672D4E96-6936-436C-8AE1-6E86813044DC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{67B9853D-4F07-46EF-8406-25D97CBB6A31}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{67CE2FEA-9008-402B-B7CF-05658EEC0F7E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{67F3CC2C-8C7C-462B-8BC9-2CC620039FB3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{68389970-A277-4957-812A-88835D1660F5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6867A97D-858A-44D8-93D7-F224B8D95633}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{68D2DA67-285A-4B7D-B3E7-52EF9D53F28F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{68F3E4AB-8A7D-4E45-8E95-C85F574DBF24}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6919A302-15F0-4C2B-9B71-8FB3A0815764}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{693E130D-C683-4802-AD43-C26A7D3BE00F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6964B608-E4DA-4D85-8C7C-CDA76B411AA8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6A1D1877-C77A-4B6F-9DA1-7F840F0439FC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6A629E38-D776-4B84-96EF-3AC34CCADBC5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6BEABDD2-DA10-4F1B-9CF8-B9A44F8F5C8B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6D99BBFE-B84B-4EB7-9B0B-79DF3D00AAFC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6DD3B5B6-997D-4035-B2A1-1E9CC586615E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6E43560D-CBFE-44BF-BB20-8BF79E7AC612}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6F2E0BED-38BD-48BE-BB2A-ABAA16BC7BA7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{6FB20530-D022-4D27-B6D1-65AAEDA33F0D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{701274B9-C09D-403A-9691-BA39778FCCBA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{70445F68-BF25-40EE-BE9B-527C1929E46E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7168DCAA-94DA-4FAD-928A-4E600FCBCFD7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{72140165-FF42-460F-A585-38C97D7FF95A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{721C49B6-1131-400A-9D45-10EDAFBDC56B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7369CF24-749F-4098-9884-7B7A18482BBD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{73ED257D-DA5F-4E37-B1CB-3305C4C0478D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7456918D-867D-4222-A1CC-323EBB4BEB0A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{759B7F76-E4F9-4C34-88BA-C0066C9BFDEB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{75D9FADD-CD72-4439-933B-5396A08C9904}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{764017BD-82A9-4413-A8D3-F4CA7883EA48}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{77069282-9235-4C0A-8CCB-1C9E8E301238}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{772A6804-0E71-40ED-977C-E0F9472A19BB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{774A34E8-7B42-42BC-9451-32DD6C373DCF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{774E9A0F-0DF1-4CEC-9514-1DE45A1E8FEF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{77D4FF7C-C6CF-428E-B724-5330DED60E38}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{77F334E6-A082-4C0F-9B10-60F0526DC3E8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7829254A-DC52-4C8E-9581-1027E3135537}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7831CD4F-DA26-4CCA-967F-33DB55AAA4B6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{78334BB0-1F99-4B61-A747-846AD7D41344}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{785694C2-AD9F-456E-B356-9D2702BAD113}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{78CBF88F-AD03-46CD-BED3-043C2C9EA745}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7946DEBA-711C-4DD8-82B6-8E39A861A746}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{795E28AF-5BCA-4F4A-A750-286B4BD51F03}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{799B1303-518A-4843-8FD3-EA90860F6127}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7AADC8F2-F891-4684-9F4C-52642DB72F4D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7B1BA020-77AE-41A4-AE60-C1E80A855AC9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7B6901DF-0C82-43FC-8BAA-1B1E3FCAFA4E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7BB107F5-63F3-4F62-8047-D24FCCB38EC7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7C0573F9-CF64-4CDF-884D-6018A4809E66}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7C44B040-0666-47DA-8A78-7CCD123C2B0C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7CB9294B-C832-4B21-ADC7-C1B8CF54C2C9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7D153988-132A-475D-AF97-5B7877369344}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7D1ECE01-2D35-4664-954F-16A8B1E8A046}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7D42791C-6616-4132-B1DD-1C0B7FE9C6BA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7DD112EB-A75E-4651-B91E-98C87A644809}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7E150AFB-A21C-42B0-92D3-0DA16F6941DF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7E9810E7-C343-46C0-80A7-C499B8EA5CB8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7E9E8D51-89DA-4DA4-8E4C-38C6A5154089}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7EFB3BF0-EBD9-4CE2-9C99-4206D9345801}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7F8270C5-CB0D-4F2D-B88D-E20363AD5095}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7FD7BCA3-61C9-4C18-9254-151E03D6D0AD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{7FE14F67-23BE-449D-A37B-55FDFD7F1957}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{80DC9DAF-27FB-4634-941E-ACC5DDF9DB5C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{80E62FE3-F418-47AD-AA57-7164036F458E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{810E5825-61CC-4218-8DEE-59CEC4309D6D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{815C2444-E521-4032-91B8-93C27179B12E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{816C86D4-0747-46BE-8709-966F927591C2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{819DE4F8-BBB5-44D7-87B4-AD24613ADA35}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{81B34CC0-FF5F-4ECB-AC79-D18B9367C718}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{81E3D6F5-109D-416F-9CEB-5853AEF51527}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{82031C21-28CD-4F19-A4AE-181679C19ABC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{82986628-B555-4D53-8AE2-F6BF19087098}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{83BE0228-5731-4088-B436-11397A52BD56}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{83DEEE24-858D-4EA5-A9E7-1EC6C3A1D773}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{841EADA6-0C3C-4C7E-8B20-AD2864593404}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{853EC04C-2A30-4B9B-9AC7-540EFED4FE6E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{854F0D56-C090-4F08-A5DC-D6258D2B6215}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{858A4E18-99BF-4547-8767-C3C779E74907}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{85B8705D-2B20-4A7D-9AB5-69EFC822E720}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{85CBBA27-4A82-45D0-837A-0E714F80F706}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{85DB72B1-AA17-4651-96BF-7AE938B09BF2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{85EBF08A-6B45-4E64-9DB0-EB4D8EA4440E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{85F25103-63C4-4BCF-99C2-36BEDC3F56E0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{86202E0B-1A24-43EB-8057-75B2ECEC17CF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8669DAFC-3094-47C7-946C-170D54A4D4C7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{86AB4C9E-C9B2-40F7-B874-E214E74C410D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{87508C46-1F6D-48F4-BD73-138FEDA6DBCF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{87525D32-6B56-4A39-8806-8792F66CCE3E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{877E3074-ACCD-4C07-A53B-7D8684288F88}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{878065B8-B91E-480E-B936-48D982A23E9C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{88016745-C6EB-42FB-B931-A250FB61C3BB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{89456C90-93CA-48DF-9980-0FBEEF886B8C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{89C55599-C076-4AE9-B152-A5E8041364C8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8A918876-61E9-46DB-BB99-EBFB296D6349}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8AAC3347-921A-4F65-A713-56578312C248}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8AE05CB5-92A9-41C9-8507-D6B8C9A991AE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8B35DE2C-2D02-4DC3-89C3-3710EC7A4287}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8BA695BD-F370-445E-98C3-686EFAF9A941}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8C16488A-5B4F-4EC7-B352-42094D01FA3A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8C9C769C-2731-4B64-BB4A-9B903EB339D4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8CAB1913-5D71-4A9D-8D38-2CB37A757FBC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8CB6567B-7EAD-4692-A680-ABD948240582}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8CE15EB4-30F8-4DB4-AD8B-99CD2C12D8FA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8CEDD640-C154-4B1F-813E-335C236D1204}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8D2671C9-9C70-42D7-B366-1222DF014345}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8E3F7ADC-B398-4A0C-BD6A-223F63B588C6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8F1E7CFB-3B42-451D-AFD4-76F9A1F99547}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8F774381-D722-4447-9DCA-B8A9C950BC6B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{8FE2E426-4D77-4000-8E2A-8706567A64B4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{914DDB53-C405-4524-A4C1-F058B2FACCA7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{91C1C04F-70FA-45DA-BE16-08743B8E28D3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{91C82115-0759-4CFF-867F-D05041F6995E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{923DAEA6-7C78-4BFD-BCC7-7D4111469F0C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{92588560-E57A-433C-AFB2-C1DC20E6947F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{928E1C80-1ADF-4F2C-8F74-40D8B7A6EAC8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9291B9AF-998F-4E8B-BC07-022C448A306C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{92B7BB43-EB84-4EE3-8A96-E58460545E04}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{93050BEA-3E36-481A-AB41-B73A7E9D3A1D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9335456A-0CB5-4FF3-B377-658C656B1868}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{934E1CA4-9BB9-4C21-8D42-1D27AC222797}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{93746611-FAD4-437D-B963-CEF9C03883D2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9483F3EF-1552-42C7-8716-05AA9BB6DDED}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9514B1BE-5A26-4AB9-B531-66A60669A2DD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9536E977-668A-4264-A5D0-68F32E8D59A2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{957684AB-439A-4416-BC50-8F9721363BD8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{95A78D39-A75B-4981-968E-F13E182589FF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{95FA75C5-F3B0-4C4E-A881-CB4D5DA69B55}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{95FC7790-52C3-4FFF-8770-F499E760E56F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{961F6454-AC44-44E2-AAD4-B2D5DF34E912}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9677B186-92A3-49A7-AAEE-31181AE13AD1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{970C2C85-E673-44E5-88B2-C38845C3998A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9721FE48-BAA2-4C1F-A677-CA67F2C88C7F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{97437705-09CF-49E9-B177-8FB29AC610C3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{97442BF1-5195-41BF-92EE-19364BD969DA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{97907473-6D16-4CC3-92CB-160453DE2A3F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{97BE3ADE-E83D-4199-BFF9-70ED2F294FF6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{97E2474C-D169-479C-95E2-6094C5CBA272}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9911CF4A-110F-430C-BD4E-2723C88AFC10}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9925C7E0-5AD2-47CD-B297-36EFB1A726B3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{993FE9E6-6B3C-437A-8D1D-8376732F9077}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9968C25D-DEFA-4C59-84B8-088AFF20F958}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9A76C249-C1BC-4BAD-8CE8-2524AFAC8FFD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9AE89485-54F0-4832-AC8E-24CECEF4D3BE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9B4B0A7F-B099-4F32-8DDC-7B5F59BBE226}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9B55F2E5-06C9-4B06-BE51-88CD87A62E2B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9C1F7399-D273-496A-A78C-C177DDA59DD2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9D50B440-2581-446D-9C6B-572DECFAA249}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9D5B5687-49FD-485E-A003-317995782BEC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9D75595F-6485-49C8-A1D7-9FFFE5F358BE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9D78804B-011B-4392-BA69-535AAC27D7FD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9DDB61B2-AEA9-4DB3-A466-4D735CD4A867}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9EE4C1E9-1554-49F8-94E1-710F6C5FA9CD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9EF63002-1CE2-40A2-AA23-C8E7DA8847B0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9F0FD538-C97E-4528-B464-CC93455532AF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9F15799A-B067-46C9-A721-1F2DA3FB8A77}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9F753970-F8CB-4CA6-BA9B-D061B469C96A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9FAED010-C064-4DD0-9EDB-0F9B6843302D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9FCD2B72-324F-44FC-8A15-35E7CF007756}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{9FDDAA25-8D34-48E0-A8F0-E140533D5381}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A075E1DE-5C96-4F45-9A13-F0BBDDE615D8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A0E5D1EA-1AA7-40E4-936E-79C18C1E7915}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A116D4F3-4B8A-453E-9EC2-3AFC70AD13D4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A12721AD-33CE-44F3-88DF-E23675C39C61}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A1B4E9CC-F112-41AC-8E0D-80279FA970FF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A243EFB4-ABFC-4628-A847-370FEA48AD0F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A34ECEE7-05EA-4CA3-B0CC-518E715ABFE0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A374430E-0954-473D-A0E7-F58C44634EED}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A3759EB8-2D39-493A-BB1C-9D8F73353A0A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A3A41AD5-9941-495D-9C46-EB800B613B7D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A45132DF-00A3-4EA1-9682-9C78D08BFA5A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A4BE1721-931A-40E1-BC76-A95852D7FD64}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A507DD92-9176-41B9-BD8C-42B6D352BE95}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A5789977-64C1-4364-9599-DEACE6A98169}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A583FAFA-D9AC-4BFC-B809-C08E47701D4F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A5B6E5F7-3558-451B-A64E-AB07A2D6AF9A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A5D70394-A657-4681-8DE8-7865C37D3710}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A6188291-DE60-421E-AEA1-14EF295294AE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A6A72E48-9796-42BB-945F-958BC201DBD3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A70F2A19-C71E-44E7-A374-5925F874C020}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A7ABC8F4-14FB-4145-A5CB-DFE267B70234}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A857E6F3-7EB0-482A-AE7A-868C2C78024D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A902F028-298D-4708-B9FE-AC210C9E0A65}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A917FCAB-65CB-409B-B6F1-0B0732468D1F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A98D017F-3A5A-4360-8F45-F991C57FED3C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{A9BC84FA-32B9-4A92-A717-ACC9D496D27D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{AA4166B1-B4AE-40EC-8A75-A878C1C7FFE5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{AB07624D-9CE2-4FA4-9E45-D56C195C4226}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{AB820480-9B5F-4A40-BC23-2A00330F598F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{AD93CB6A-864E-44D2-80FE-39B47E6146C9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{ADA220F3-5523-4B88-B646-612B0C059008}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{ADCCC1AF-29A8-4185-A23B-EE5868E991F0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{ADE6547A-C98F-4D44-A13B-27809292EBFD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{ADEE3CE3-6B96-4D4E-A0BF-99C18F369881}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{AE629B77-F068-4C4A-B4FA-B3A6FC640B94}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{AE92C85A-55CF-4839-90B4-4C292AB9C03C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{AF2C337B-7EF6-44BB-87CD-5721ECCA2B74}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B03A3915-96B0-423E-9694-6F13558C29CE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B03EDD51-71A1-461C-97DE-DFA772669F2D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B042EB0A-4AE6-41EF-971C-741C150F019D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B0483CC7-A68B-4706-9F62-1C8EF3D5DEFC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B0DE2CAC-8E92-46E2-9435-475CD2CB77CA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B17AAFA8-378F-4AEE-8D28-5C938B07B4B4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B2607822-A13D-4788-B9A3-5CE8E8480D0A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B6CEE52E-6498-4E4B-BD2F-79409BDA30BC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B73CACE4-0F50-4D8A-B8BC-2FD9CE8BE5B1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B78E7FF0-371F-4155-9CDA-5B156A07249B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B8114404-B738-4F7D-AD87-56071D275F45}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B8591E1E-4B8F-4B9B-89C2-EF020F64FF3A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B8610E3B-EAB2-4FA7-8848-C891CF834B82}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B88C9CF9-F3CE-4263-95B3-10DA4C59BFD8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B8F985D2-200E-4728-9502-687E83174046}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B91FFA6B-31E7-4478-9C66-362FCAC4F759}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B9EC9C7F-B420-4AB0-A197-FFB77268785A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{B9FF276A-664F-4F21-BEF4-8C5F78358CE2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BA2CE184-D5B8-47A7-B9D8-D5400A24F7D6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BA52A208-F214-46A7-8192-3F63C93F62F8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BB96EBCE-AA24-45C4-84A4-89B81679DA57}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BC4ED5F1-7266-4726-9199-AD81EC88A481}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BD0D6DC3-2098-4E1A-B378-664717D92A1D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BD45E967-2D43-40C0-99ED-51D5DAFB8432}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BDAD9462-4A3D-4107-8FF9-5242760D4A61}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BE4E4F8A-3208-4B48-8E72-E548BCDC2706}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BEBF4040-FFF0-48FF-9E52-EAAD1B12AB1C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BFCDA8FB-D048-483E-A37B-D8AA50E4DEB3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BFD4339A-1B03-4114-90A8-F1F8BF339E64}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{BFEC1BC6-28E1-4DAB-B825-7467680C6545}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C02F87BA-2B63-4ACA-8AC3-847389239BEA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C0C752C3-0211-4DED-997D-025B1230CA7F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C19E7496-8BA1-4D61-8005-8BC7BDF9BC7E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C1CFA4D8-346C-4D72-802B-029BCC58E11E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C21AB069-E9F1-4220-BACE-3F358639926F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C319EAB7-61AE-45F4-A85A-6C458E57E9D1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C4091BC7-35BE-42F5-B2BF-D1F947B5838F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C4D1C1D9-EBE6-40E7-BCB4-0DCE16DF6006}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C4F370E4-3AA9-4B63-854B-193D12123F19}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C4FAACE3-5020-4E2E-9F99-FBABA398483F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C54001D8-934D-4F77-93AE-06234E99DDB4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C552E79F-75E5-4E44-87B1-D7673C5CF6A6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C557178B-9943-4238-8822-27F398355759}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C6306E4D-6F8A-4F99-B486-036B1666A755}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C78BA322-3F2E-4BA8-A40D-B37765F199E1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C85DB167-C106-4B4D-AE41-DB11DF2E49AD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C89B072A-A275-496E-93E0-2D2B6C1B15DD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C8CCC2CE-65DB-433B-A5B0-5E9E9CC14907}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C8D81EE0-2D5D-4981-9367-CD231FFA8D54}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C903E6B2-07D3-4CAD-AAF7-A7E54DB0D415}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C9DD9C98-F71F-40B4-9372-DCD33146F10F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{C9EF7135-0861-4B04-9DFE-B36242B36F0B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CA0167BE-7BE9-45CE-80E3-B6E3AE1AC734}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CA1F306F-C320-4FDD-B638-E8B72D41975F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CA2A8FCB-26B5-466F-B380-C4D9B652B9BE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CA4858C6-9397-4ACB-940E-6C55985FDBC5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CABC8FEB-9A7D-4FCF-BB3B-7EFB5D797873}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CB45181A-466B-48C3-8CB5-536C17916B77}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CBB169C8-0F13-486E-A1D4-E28752BBB4BE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CBF5C3DF-E33D-464D-9479-51574A9F4791}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CBFC80EF-8E23-46E0-B6BA-9D03A36BACB7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CC5E4E07-52F6-46D8-A7A8-76DBA61C997A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CCB17C27-9766-4F3C-97E7-3782AAF0CE7A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CD0D854B-3F79-4F66-BFAD-96C89A447C00}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CD43C1F2-BD9D-490D-A9D2-476C5B97F14B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CD833C8B-CE03-4804-B888-77C065E8A4D6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CDDAC5EC-5588-40DA-9CF2-8CA5B3E72D17}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CDDD9016-AA75-4A34-9EB5-54302FC3A21B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CDF1AE36-708C-4293-BA93-7A11B9976823}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{CF97B913-3372-49E5-93B8-3B842F180067}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D016903C-58F0-40EB-913F-3E011802D6AB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D027526D-236D-4E3B-B686-F96FC0D6E80E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D03107D9-2F67-405D-8001-C65C327CB8FE}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D0330BBC-A4CA-416C-BF72-695CB2CDE4C5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D0744CB7-03C6-45A8-8DA0-5EC464403EE5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D0E4CF42-1DB4-4F63-B655-BA4C7B55FF33}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D243B813-E8AB-4EC2-B090-DE2BF069695C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D2AFDE53-9924-4918-8524-561D93E99CB2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D2E5DD8B-CF43-46EB-B543-87D63794EC41}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D531FD5C-9779-4290-9C2A-8D55C38486EF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D571BDFA-F0B3-4B6F-8054-E3116F4E3644}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D5CDF291-EE50-4E5B-96EF-00BB53525F6F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D698CE72-522D-4814-9608-0862F8A2B9CF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D7F8EF14-312C-4983-BA88-D2CCA1D6BA1A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D835AE50-5EAC-4820-BD8B-55216308235F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D855DA1C-F2C4-4C3F-913A-353630E3596C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D85BE457-4417-4969-BCAB-7E2D6502B5E1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D8BCB3E5-D837-4D48-A214-6F42A05ACA69}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D8DB6C15-9101-4A64-BA8B-D26272B8DCE8}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{D9A2798C-D554-4CB0-9524-5212FC6A9385}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DA0B1484-BFF5-419C-B47A-F678029FA670}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DA32CD79-198F-48DC-A1DA-F792F7B2F0A3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DA5A4C8C-C947-47E9-AE95-AFCBCE4B2251}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DAB76578-3B2D-40CD-A187-4ABCD9028AE0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DAB96DCC-0FB2-49A4-AC33-139ECC2E37AC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DAFE5955-B40C-46AA-9FD0-100A53DB58AF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DBFF82AB-B834-40E4-BEDA-6E50E24BAE15}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DC204644-B6AC-451F-A227-96E6D3D7CF2A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DC6A03C5-95FB-4C2E-91E6-89B00B9FC2FB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DC7D4ED8-6374-41F9-8380-47ED2AF8E324}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DC87DEF3-F605-4C21-AE94-6BB5500A0DA2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DD881C6C-31A1-4410-B3AA-AF772F97C361}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DD91E6DC-7BFE-4C2F-962E-52C278586B72}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DDDA080A-3BC4-421F-80A6-C732531653F2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DE027E87-27D1-4BC5-87B5-190D1DDDA285}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DF0164B2-F1E4-44CD-9EA6-F7446DEDD4BA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DFE9AA16-DA86-448A-93DB-F08CE3C7A20C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{DFEA7D0A-E2AC-4D2D-A2C2-69CC336DE096}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E0113C10-5C92-4976-AB24-20720FA2192A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E0628529-1D6C-4867-B178-B3F5DC279680}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E071FD9A-E350-488B-A238-2485007C7276}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E1913F24-D83D-4971-B78D-58DF83AC92EF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E2660C24-3E25-4E9B-B521-5A1637A9CDDF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E294B97B-BAC7-4FC4-B0AB-5CBB545ACC91}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E2BE1413-B14E-42E8-A7CF-B4605FD13230}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E30AAA43-8EBA-4BF9-A76A-274FFA1A9303}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E325C215-E495-4F15-BD53-FA196263776A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E33F4407-3DBD-426F-AC23-2177F32B12C9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E346E376-46BE-47DF-9723-39AFB7FAAD29}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E3B45E43-5845-46D3-82F8-A0877545FE6B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E3F18C86-EC22-414E-BE9A-1C720E9E4724}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E4491D4B-703F-41B8-935D-B2608C3CB528}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E465D392-4FF8-4753-B737-FBB6D49EB665}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E467E0D7-7C5A-4914-B05B-0391756B90B0}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E503775A-6DFB-4D03-B482-CFE251431BA9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E54A6D83-B840-437C-A955-AFC0E7119B63}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E60F029B-6E03-4F3B-A969-D1D957CBD388}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E65A82F9-A8FC-46BD-B5E7-9FC294078B2F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E7CD3E36-FDD4-4AB5-AF65-F5F54AF03946}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E866B923-3CDD-438D-A773-F09C68D4B402}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E9219BEE-F6F9-44B5-97EE-0A14C8A16DDF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E9865C5E-99E4-4EF0-B549-BE2E4459C6C1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E98AAEFE-1CAD-4588-9FDA-273B5D8BD21F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{E9C54982-498B-4EAD-8488-9EB354AED5C5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EAAC2F31-8829-4F20-8F01-B49896BC4291}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EAC22E6B-B47A-420B-9808-340E000A9889}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EB0A8BF6-5652-44FF-BEFB-635F09989CFF}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EB9C9A68-2ADD-4FC5-9DE6-C98E3683EA3E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EC0443AC-B856-4D21-939D-8F65A4FAC56D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EC0D47BC-3ED5-44AF-BA60-ECF15BF2B3F9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{ECCAAD62-411A-4EC2-98DD-1AA639CB471B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{ED015064-C233-48EC-9696-0E7103E4E5C9}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EDE59DAA-5B4A-464F-93BF-A1593F1836B3}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EE2A1555-B460-41F8-AFBF-AF845B465531}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EE6B6FC0-1272-4FB5-BA2F-DC435D230193}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EE97B904-186C-48AD-9F6D-961F1612597D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EF59ADE9-EAD5-49B3-A89B-6CEBDE86F8DC}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{EFBB5F89-2C51-40CB-AF78-0872A7A020DA}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F017CD93-E60C-4C93-85CA-92E8924E3346}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F0258E3C-88D8-49CD-8AEB-FC952150BF60}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F07BE873-297B-45F9-A178-09E4BDF5C73D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F07E4AED-46F4-40DA-8F01-638F82B1F30A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F0C618D9-8FB5-4BD9-B59B-CCF3F7CE4EC6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F0EBAD6F-E1DB-4B59-8CA7-5CB8908D2F76}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F17D665D-9C20-4859-B821-650018F31B26}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F237CFA6-4CA6-423A-B4CD-3EB79E7E7A47}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F2C6C758-635D-451F-878E-EA441B8FC6EB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F47ECE9B-E79D-4B4C-87D0-5D2369BF1767}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F4DD1CCA-C4D7-4158-80B8-4629DD9F43F2}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F52E91B1-DAA1-45FC-8D2C-EC0BBDAD11F4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F5ABD9F2-377F-4133-9ADB-CCCA451DEDD5}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F65FFA2C-9301-49A5-B7C1-3E609C9B4F1B}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F6936F8F-AA6F-4D03-A32A-3B60BF6DB2C6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F6C809A9-35B6-45C6-80C6-85DCFDDB3D6A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F6DA6808-2756-4429-BCAC-843FFD0D3509}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F6E3DCAB-0082-4C53-AC5A-713049FADF1E}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F7093AE7-A401-48D5-AA4C-1EC22A5EC72A}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F87B0BAF-AAD3-4076-8E8C-D9E48668669C}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F94BF5AF-D2A9-4661-BC0E-C20CC954A010}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{F9EB7D07-B478-442D-A1A8-B88627BD0B5F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FA1A56EC-F778-4FC2-BAE6-285EBF224548}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FA58503E-B342-4BA6-AF6F-EE21C9B65C78}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FAD81E25-ABF9-4CAD-8E88-06FB65A2BA4F}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FB1B3255-9B0D-4B41-B6C4-E763C0C65AF1}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FB5AC629-96BB-40FC-9914-4F91FCC4A954}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FB82DC0B-B57A-4D8F-801C-C248F2B0A3B4}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FBCD758E-6A39-4F1C-BAE1-C1EF7FB53F98}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FBD1039D-80B6-492B-A42F-4C3BC59AC107}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FC3C76DC-A1AD-499F-B7C5-C6A3A895C8EB}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FC75A082-BD1C-4121-9A11-19BEBF2EE094}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FC76D49B-F7D0-4892-945E-8D34D12F8627}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FD116FEC-F5C4-44A4-A203-676AEAE0801D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FD977101-1C2B-4F1B-88BB-C6F1DB9840C7}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FE310E2B-513E-4877-9B6A-8935A95CED39}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FE4A426F-10A5-4D0D-8DF3-A93AA40B3918}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FE4EF6F8-8360-44C0-95BA-98D705409610}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FE5D8F42-657B-4146-8B24-B98A80DC13E6}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FEAC9659-19AB-4C3B-AE73-1E9325FDC631}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FF5282BA-8A78-4EFF-9D8C-F3A2B1190A8D}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FF5BF1AA-2FE8-4DD0-956D-ADB36B1F13CD}
Successfully deleted: [Empty Folder] C:\Users\Agando\appdata\local\{FF82246F-3B5E-464A-8874-4F56EC564984}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Agando\AppData\Roaming\mozilla\firefox\profiles\u5te949r.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Emptied folder: C:\Users\Agando\AppData\Roaming\mozilla\firefox\profiles\u5te949r.default\minidumps [41 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.04.2013 at 18:12:06,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix:

Code:

ATTFilter

ComboFix 13-04-24.03 - Agando 24.04.2013  18:15:08.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8175.6169 [GMT 2:00]
ausgeführt von:: c:\users\Agando\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Agando\AppData\Local\Temp\7zS2B8F\HPSLPSVC64.DLL
c:\windows\PolicyDefinitions
c:\windows\PolicyDefinitions\de-DE\DeviceRedirection.adml
c:\windows\PolicyDefinitions\de-DE\EnhancedStorage.adml
c:\windows\PolicyDefinitions\de-DE\InetRes.adml
c:\windows\PolicyDefinitions\de-DE\NCSI.adml
c:\windows\PolicyDefinitions\de-DE\RacWmiProv.adml
c:\windows\PolicyDefinitions\de-DE\ReAgent.adml
c:\windows\PolicyDefinitions\de-DE\sdiageng.adml
c:\windows\PolicyDefinitions\de-DE\sdiagschd.adml
c:\windows\PolicyDefinitions\de-DE\Search.adml
c:\windows\PolicyDefinitions\de-DE\ShapeCollector.adml
c:\windows\PolicyDefinitions\de-DE\TerminalServer-WinIP.adml
c:\windows\PolicyDefinitions\de-DE\WindowsMediaDRM.adml
c:\windows\PolicyDefinitions\de-DE\WindowsMediaPlayer.adml
c:\windows\PolicyDefinitions\DeviceRedirection.admx
c:\windows\PolicyDefinitions\en-US\InetRes.adml
c:\windows\PolicyDefinitions\EnhancedStorage.admx
c:\windows\PolicyDefinitions\inetres.admx
c:\windows\PolicyDefinitions\NCSI.admx
c:\windows\PolicyDefinitions\RacWmiProv.admx
c:\windows\PolicyDefinitions\ReAgent.admx
c:\windows\PolicyDefinitions\sdiageng.admx
c:\windows\PolicyDefinitions\sdiagschd.admx
c:\windows\PolicyDefinitions\Search.admx
c:\windows\PolicyDefinitions\ShapeCollector.admx
c:\windows\PolicyDefinitions\Terminalserver-WinIP.admx
c:\windows\PolicyDefinitions\WindowsMediaDRM.admx
c:\windows\PolicyDefinitions\WindowsMediaPlayer.admx
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-24 bis 2013-04-24  ))))))))))))))))))))))))))))))
.
.
2013-04-24 16:07 . 2013-04-24 16:07	--------	d-----w-	c:\windows\ERUNT
2013-04-24 16:06 . 2013-04-24 16:06	--------	d-----w-	C:\JRT
2013-04-24 02:38 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-24 02:38 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{81634424-13D9-48CA-BE47-03F8E5EDA4F2}\mpengine.dll
2013-04-23 18:05 . 2013-04-24 03:50	--------	d-----w-	C:\Klaus
2013-04-21 06:49 . 2013-04-21 06:49	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-18 04:57 . 2013-04-18 04:57	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-04-11 03:19 . 2013-04-11 03:20	--------	d-----w-	c:\users\Gast\AppData\Roaming\TP-LINK
2013-04-10 15:59 . 2012-07-12 00:00	480632	----a-w-	c:\windows\instwcli.dex
2013-04-10 15:22 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 15:22 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 15:22 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 15:22 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 15:22 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 15:22 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 15:22 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 15:22 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-10 15:20 . 2013-04-10 15:22	--------	d-----w-	c:\users\Agando\AppData\Roaming\TP-LINK
2013-04-10 15:19 . 2013-04-10 15:19	--------	d-----w-	c:\program files (x86)\TP-LINK
2013-04-10 15:19 . 2012-05-31 17:15	1918976	----a-w-	c:\windows\system32\drivers\athurx.sys
2013-04-10 15:19 . 2012-05-31 17:15	1918976	----a-w-	c:\windows\system32\athurx.sys
2013-04-10 15:18 . 2013-04-10 15:19	--------	d-----w-	c:\programdata\TP-LINK
2013-04-05 22:51 . 2013-04-05 22:53	--------	d-----w-	c:\users\Agando\AppData\Roaming\Vampire aus Nr. 13
2013-04-04 19:28 . 2013-04-04 19:29	--------	d-----w-	c:\users\Agando\AppData\Roaming\Milinda Wind
2013-04-04 19:27 . 2013-04-04 19:28	--------	d-----w-	c:\users\Agando\AppData\Roaming\Der Schatten der Dämmerung
2013-04-04 19:08 . 2013-04-04 19:27	--------	d-----w-	c:\users\Agando\AppData\Roaming\Das Geheimnis des Korsaren
2013-04-04 13:35 . 2013-04-04 13:55	--------	d-----w-	c:\users\Agando\AppData\Roaming\Das Geheimnis der ägyptischen Mumie
2013-04-04 13:27 . 2013-04-05 22:30	--------	d-----w-	c:\users\Agando\AppData\Roaming\cerasus.media
2013-04-04 13:26 . 2013-04-04 13:27	--------	d-----w-	c:\program files (x86)\100% Wimmelbild
2013-04-04 13:24 . 2013-04-04 13:25	--------	d-----w-	c:\program files (x86)\Mystery Stories - Expedition des Grauens
2013-04-04 13:21 . 2013-04-04 13:21	--------	d-----w-	c:\program files (x86)\Mystery Stories - Das Geisterschiff
2013-04-04 13:14 . 2013-04-04 13:15	--------	d-----w-	c:\program files (x86)\Mystery 2
2013-04-02 21:49 . 2013-04-02 21:49	--------	d-----w-	c:\users\Agando\AppData\Roaming\Magic3
2013-04-02 16:28 . 2013-04-02 16:47	--------	d-----w-	c:\users\Agando\AppData\Roaming\V-Games
2013-04-02 16:17 . 2013-04-04 13:07	--------	d-----w-	c:\program files (x86)\Purplehills
2013-03-30 14:20 . 2012-08-21 00:00	99840	----a-w-	c:\windows\system32\fwlan5ci.dll
2013-03-30 14:20 . 2012-08-21 00:00	982784	----a-w-	c:\windows\system32\drivers\fwlanusb5.sys
2013-03-30 14:20 . 2013-04-10 15:59	--------	d-----w-	c:\windows\AVM_Driver
2013-03-30 14:20 . 2012-04-25 00:00	14120	----a-w-	c:\windows\system32\drivers\avmeject.sys
2013-03-30 14:20 . 2013-03-30 14:20	--------	d-----w-	c:\users\Agando\AVM_Driver
2013-03-30 14:04 . 2011-04-19 16:52	95544	----a-w-	c:\windows\system32\bcmwlcoi.dll
2013-03-30 14:04 . 2011-04-19 16:31	3900928	----a-w-	c:\windows\system32\bcmihvsrv64.dll
2013-03-30 14:04 . 2011-04-19 16:31	3566592	----a-w-	c:\windows\system32\bcmihvui64.dll
2013-03-30 14:04 . 2010-06-09 12:11	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2013-03-30 14:04 . 2011-07-22 09:33	25056	----a-w-	c:\windows\system32\drivers\SCMNdisP.sys
2013-03-29 21:21 . 2008-07-12 07:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2013-03-29 21:21 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2013-03-29 21:21 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2013-03-29 21:21 . 2008-07-12 07:18	540688	----a-w-	c:\windows\system32\d3dx10_39.dll
2013-03-29 21:21 . 2008-07-12 07:18	4992520	----a-w-	c:\windows\system32\D3DX9_39.dll
2013-03-29 21:21 . 2008-07-12 07:18	1942552	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2013-03-25 17:41 . 2013-03-15 05:53	968408	----a-w-	c:\windows\SysWow64\nvumdshim.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 15:17 . 2013-02-28 11:30	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-04-22 15:17 . 2013-02-28 11:30	620128	----a-w-	c:\windows\system32\drivers\klif.sys
2013-04-22 15:17 . 2012-08-13 15:49	178448	----a-w-	c:\windows\system32\drivers\kneps.sys
2013-04-22 15:17 . 2012-06-08 10:38	55056	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-04-12 21:57 . 2012-04-04 03:05	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 21:57 . 2012-03-04 19:53	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 16:05 . 2012-03-04 14:57	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 12:50 . 2013-02-28 18:49	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-04 03:35 . 2013-03-05 04:52	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 05:53 . 2013-01-11 20:51	15042928	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2012-10-10 20:23	2864144	----a-w-	c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-10 20:23	1118776	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-10-10 20:23	15508512	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-10-10 20:22	2539128	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-03-15 04:16 . 2012-03-03 08:57	3477280	----a-w-	c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-03-03 08:57	6398240	----a-w-	c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-03-14 04:36	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-03-15 04:16 . 2012-03-03 08:57	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-03-03 08:57	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-03-03 08:57	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-03-14 21:07 . 2013-03-14 21:07	559904	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-03-13 16:24 . 2012-03-14 04:36	3065455	----a-w-	c:\windows\system32\nvcoproc.bin
2013-03-11 23:10 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-03-05 04:52 . 2012-08-26 17:00	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-05 04:52 . 2012-08-26 17:00	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 16:24	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 16:24	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 16:24	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 16:24	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 16:24	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 16:24	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:47	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-02-19 16:32	1807136	----a-w-	c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-02-19 16:32	1510176	----a-w-	c:\windows\system32\nvdispgenco6420162.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-02-28 356376]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-09-19 5236664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
c:\users\Agando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
TP-LINK-Konfigurationstool.lnk - c:\program files (x86)\TP-LINK\TP-LINK-Konfigurationstool\TWCU.exe [2013-4-10 841216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ALSysIO;ALSysIO;c:\users\Agando\AppData\Local\Temp\ALSysIO64.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2012-04-25 14120]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys [2012-08-21 982784]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-22 55056]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-04-22 178448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-09-19 1157056]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-09-19 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-09-19 1177536]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2012-05-31 1918976]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:57]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683148460-86017118-230150774-1000Core.job
- c:\users\Agando\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04 15:02]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683148460-86017118-230150774-1000UA.job
- c:\users\Agando\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04 15:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-03-24 976672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Agando\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\u5te949r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myvideo.de/
FF - ExtSQL: 2013-02-28 12:40; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-02-28 12:40; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-02-28 12:40; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-02-28 12:40; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-02-28 12:40; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-02-28 22:42; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Agando\AppData\Roaming\Mozilla\Firefox\Profiles\u5te949r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: !HIDDEN! 2012-05-11 07:17; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2683148460-86017118-230150774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2683148460-86017118-230150774-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-24  18:24:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-24 16:24
.
Vor Suchlauf: 12 Verzeichnis(se), 263.810.539.520 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 263.441.760.256 Bytes frei
.
- - End Of File - - EC5926B5C6D3F524376B0EAEFDB532CD

Für DIch noch zur Info, ich bin normalerweise täglich ab 17:00 Uhr in der Lage Dir zu antworten, falls noch was anliegt.

Danke und Gruß

Roperi

M-K-D-B · 24.04.2013, 18:44

Servus,

Schritt 1
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt 2
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*PriceGong*
*Softonic*
*Freeze.com*
*anonymize*

:folderfind
*PriceGong*
*Softonic*
*Freeze.com*
*anonymize*

:regfind
PriceGong
Softonic
Freeze.com
anonymize

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Logdateien von OTL,
die Logdatei von SystemLook.

Roperi · 24.04.2013, 19:21

Hi,

hier die gewünschten Daten.

OTL:

Code:

ATTFilter

OTL logfile created on: 24.04.2013 20:11:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Agando\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,14% Memory free
15,97 Gb Paging File | 13,45 Gb Available in Paging File | 84,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 243,08 Gb Free Space | 52,20% Space Free | Partition Type: NTFS
 
Computer Name: ROLFPC | User Name: Agando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.23 20:20:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Agando\Desktop\OTL.exe
PRC - [2013.04.05 14:16:37 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2013.03.24 10:46:23 | 000,976,672 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.03.24 10:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.24 10:40:57 | 001,074,976 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.28 13:34:23 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012.09.19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012.09.19 22:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012.09.19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 23:57:06 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013.03.27 08:38:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.03.27 08:37:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.03.27 08:36:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.03.27 08:36:42 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.03.27 08:36:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.03.27 08:36:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.03.27 08:36:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.03.27 08:36:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 23:57:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.24 10:41:08 | 001,927,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.03.13 19:19:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.28 13:34:23 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012.09.19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012.09.19 22:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.22 17:17:43 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.04.22 17:17:43 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.04.22 17:17:43 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.10.25 13:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 13:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.21 02:00:00 | 000,982,784 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb5.sys -- (fwlanusb5)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.05.31 19:15:54 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2012.04.25 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.myvideo.de/"
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Agando\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Agando\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.11 07:16:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.22 17:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 19:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.11 07:16:59 | 000,000,000 | ---D | M]
 
[2012.03.04 17:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agando\AppData\Roaming\mozilla\Extensions
[2013.04.24 18:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agando\AppData\Roaming\mozilla\Firefox\Profiles\u5te949r.default\extensions
[2013.04.07 11:51:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Agando\AppData\Roaming\mozilla\Firefox\Profiles\u5te949r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.03.13 19:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.22 17:17:45 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.13 19:19:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.25 23:13:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.25 23:13:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.25 23:13:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.25 23:13:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.25 23:13:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.25 23:13:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.facebook.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Agando\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Java Populars! = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\oapojegdcjjaeehmicinhimakliedchj\1.2_0\
CHR - Extension: Google Mail = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Agando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.04.24 18:21:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Agando\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Agando\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0758D83C-510B-4085-B702-5F0D4DE28990}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A41C850-54AE-4DAF-BB2D-3E145A0047D7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B459486-0025-4C0D-BE15-AFD4513D71FE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.24 18:35:20 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Local\{7967AF98-3BBE-44E3-AF27-F5F422F62A61}
[2013.04.24 18:21:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.24 18:13:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.24 18:13:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.24 18:13:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.24 18:13:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.24 18:13:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.24 18:07:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.24 18:06:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.24 18:02:26 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Agando\Desktop\JRT.exe
[2013.04.24 18:02:19 | 005,059,204 | R--- | C] (Swearware) -- C:\Users\Agando\Desktop\ComboFix.exe
[2013.04.23 20:20:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Agando\Desktop\OTL.exe
[2013.04.23 20:05:36 | 000,000,000 | ---D | C] -- C:\Klaus
[2013.04.23 20:05:15 | 000,000,000 | ---D | C] -- C:\Users\Agando\Desktop\Neuer Ordner
[2013.04.21 08:49:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.18 06:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.10 18:04:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 18:04:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 18:04:29 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 18:04:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 18:04:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 18:04:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 18:04:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 18:04:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 18:04:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 18:04:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 18:04:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 18:04:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 18:04:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 18:04:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 18:04:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 17:59:49 | 000,480,632 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex
[2013.04.10 17:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
[2013.04.10 17:22:58 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 17:22:58 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 17:22:57 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 17:22:57 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 17:22:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 17:22:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\TP-LINK
[2013.04.10 17:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.04.10 17:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.04.10 17:19:07 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2013.04.10 17:19:07 | 001,918,976 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2013.04.10 17:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2013.04.06 00:51:08 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Vampire aus Nr. 13
[2013.04.04 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Milinda Wind
[2013.04.04 21:27:25 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Der Schatten der Dämmerung
[2013.04.04 21:08:03 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Das Geheimnis des Korsaren
[2013.04.04 15:35:09 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Das Geheimnis der ägyptischen Mumie
[2013.04.04 15:27:04 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\cerasus.media
[2013.04.04 15:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\100% Wimmelbild
[2013.04.04 15:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\100% Wimmelbild
[2013.04.04 15:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Stories - Expedition des Grauens
[2013.04.04 15:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery Stories - Expedition des Grauens
[2013.04.04 15:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Stories - Das Geisterschiff
[2013.04.04 15:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery Stories - Das Geisterschiff
[2013.04.04 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\Agando\Desktop\Wimmelbild
[2013.04.04 15:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery 2
[2013.04.04 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery 2
[2013.04.03 14:13:55 | 000,000,000 | ---D | C] -- C:\Users\Agando\Desktop\Unitymedia Geschwindigkeitstest_files
[2013.04.02 23:49:52 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\Magic3
[2013.04.02 18:28:14 | 000,000,000 | ---D | C] -- C:\Users\Agando\AppData\Roaming\V-Games
[2013.04.02 18:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
[2013.04.02 18:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Purplehills
[2013.03.30 16:20:56 | 000,982,784 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusb5.sys
[2013.03.30 16:20:56 | 000,099,840 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwlan5ci.dll
[2013.03.30 16:20:52 | 000,014,120 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2013.03.30 16:20:52 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2013.03.30 16:20:42 | 000,000,000 | ---D | C] -- C:\Users\Agando\AVM_Driver
[2013.03.30 16:04:26 | 003,900,928 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2013.03.30 16:04:26 | 003,566,592 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2013.03.30 16:04:26 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2013.03.30 16:04:26 | 000,095,544 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2013.03.30 16:04:18 | 000,025,056 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2013.03.29 23:21:15 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013.03.29 23:21:15 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.03.29 23:21:15 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013.03.29 23:21:15 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013.03.29 23:21:15 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013.03.29 23:21:15 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013.03.27 07:47:49 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.27 07:47:49 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.27 07:47:49 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.27 07:47:49 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.27 07:47:49 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.27 07:47:49 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.27 07:47:49 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.27 07:47:49 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.27 07:47:49 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.27 07:47:49 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.27 07:47:49 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.27 07:47:49 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.27 07:47:49 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.27 07:47:49 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.27 07:47:49 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.27 07:47:49 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.27 07:47:49 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.27 07:47:49 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.27 07:47:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.27 07:47:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.27 07:47:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.27 07:47:49 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.27 07:47:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.27 07:47:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.27 07:47:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.27 07:47:49 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.27 07:47:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.27 07:47:49 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.27 07:47:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.27 07:47:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.27 07:47:49 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.27 07:47:49 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.27 07:47:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.27 07:47:49 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.27 07:47:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.27 07:47:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.27 07:47:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.27 07:47:49 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.27 07:47:49 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.27 07:47:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.27 07:47:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.27 07:47:49 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.27 07:47:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.27 07:47:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.27 07:47:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.27 07:47:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.27 07:47:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.27 07:47:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.27 07:47:49 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.27 07:47:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.27 07:47:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.27 07:47:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.27 07:47:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.24 20:10:17 | 000,165,376 | ---- | M] () -- C:\Users\Agando\Desktop\SystemLook_x64.exe
[2013.04.24 20:08:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2683148460-86017118-230150774-1000UA.job
[2013.04.24 20:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.24 18:33:20 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 18:33:20 | 000,021,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.24 18:25:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.24 18:25:45 | 2134,347,775 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.24 18:21:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.24 18:02:30 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Agando\Desktop\JRT.exe
[2013.04.24 18:02:19 | 005,059,204 | R--- | M] (Swearware) -- C:\Users\Agando\Desktop\ComboFix.exe
[2013.04.24 18:02:07 | 000,619,461 | ---- | M] () -- C:\Users\Agando\Desktop\adwcleaner.exe
[2013.04.23 20:21:38 | 000,000,000 | ---- | M] () -- C:\Users\Agando\defogger_reenable
[2013.04.23 20:20:46 | 000,050,477 | ---- | M] () -- C:\Users\Agando\Desktop\Defogger.exe
[2013.04.23 20:20:38 | 000,377,856 | ---- | M] () -- C:\Users\Agando\Desktop\gmer_2.1.19163.exe
[2013.04.23 20:20:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Agando\Desktop\OTL.exe
[2013.04.23 17:08:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2683148460-86017118-230150774-1000Core.job
[2013.04.22 17:17:43 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.22 17:17:43 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.04.22 17:17:43 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.04.22 17:17:43 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.04.17 09:21:13 | 001,614,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.17 09:21:13 | 000,697,292 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.17 09:21:13 | 000,652,610 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.17 09:21:13 | 000,148,330 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.17 09:21:13 | 000,121,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.15 18:30:36 | 000,002,029 | ---- | M] () -- C:\Users\Agando\Desktop\MyBookLive (192.168.0.103).lnk
[2013.04.12 23:57:06 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.12 23:57:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.11 05:09:07 | 000,002,363 | ---- | M] () -- C:\Users\Agando\Desktop\Google Chrome.lnk
[2013.04.10 19:19:36 | 000,344,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 18:01:03 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 17:38:30 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\WD Link.lnk
[2013.04.10 17:19:50 | 000,002,187 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
[2013.04.10 17:19:50 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK-Konfigurationstool.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.03 14:13:55 | 000,004,206 | ---- | M] () -- C:\Users\Agando\Desktop\Unitymedia Geschwindigkeitstest.htm
[2013.03.30 16:06:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2013.03.27 07:47:49 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.27 07:47:49 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.27 07:47:49 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.27 07:47:49 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.27 07:47:49 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.27 07:47:49 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.27 07:47:49 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.27 07:47:49 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.27 07:47:49 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.27 07:47:49 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.27 07:47:49 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.27 07:47:49 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.27 07:47:49 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.27 07:47:49 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.27 07:47:49 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.27 07:47:49 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.27 07:47:49 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.27 07:47:49 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.27 07:47:49 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.27 07:47:49 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.27 07:47:49 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.27 07:47:49 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.27 07:47:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.27 07:47:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.27 07:47:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.27 07:47:49 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.27 07:47:49 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.27 07:47:49 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.27 07:47:49 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.27 07:47:49 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.27 07:47:49 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.27 07:47:49 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.27 07:47:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.27 07:47:49 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.27 07:47:49 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.27 07:47:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.27 07:47:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.27 07:47:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.27 07:47:49 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.27 07:47:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.27 07:47:49 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.27 07:47:49 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.27 07:47:49 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.27 07:47:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.27 07:47:49 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.27 07:47:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.27 07:47:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.27 07:47:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.27 07:47:49 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.27 07:47:49 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.27 07:47:49 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.27 07:47:49 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.27 07:47:49 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.27 07:47:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.27 07:47:49 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.27 07:46:46 | 001,591,946 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.26 19:35:38 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.24 20:10:17 | 000,165,376 | ---- | C] () -- C:\Users\Agando\Desktop\SystemLook_x64.exe
[2013.04.24 18:13:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.24 18:13:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.24 18:13:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.24 18:13:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.24 18:13:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.24 18:02:07 | 000,619,461 | ---- | C] () -- C:\Users\Agando\Desktop\adwcleaner.exe
[2013.04.23 20:21:38 | 000,000,000 | ---- | C] () -- C:\Users\Agando\defogger_reenable
[2013.04.23 20:20:46 | 000,050,477 | ---- | C] () -- C:\Users\Agando\Desktop\Defogger.exe
[2013.04.23 20:20:38 | 000,377,856 | ---- | C] () -- C:\Users\Agando\Desktop\gmer_2.1.19163.exe
[2013.04.15 18:30:36 | 000,002,029 | ---- | C] () -- C:\Users\Agando\Desktop\MyBookLive (192.168.0.103).lnk
[2013.04.10 17:38:30 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\WD Link.lnk
[2013.04.10 17:19:50 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK-Konfigurationstool.lnk
[2013.04.10 17:19:50 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK-Konfigurationstool.lnk
[2013.04.10 17:19:07 | 000,021,215 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2013.04.10 17:19:07 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2013.04.03 14:13:55 | 000,004,206 | ---- | C] () -- C:\Users\Agando\Desktop\Unitymedia Geschwindigkeitstest.htm
[2013.03.30 16:06:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2013.03.27 07:47:49 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.27 07:47:49 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.04 22:55:23 | 000,000,045 | ---- | C] () -- C:\ProgramData\.SimImages
[2013.01.17 15:45:14 | 000,003,584 | ---- | C] () -- C:\Users\Agando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.11 07:13:22 | 000,245,553 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.05.11 07:13:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.03.09 17:28:15 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2012.03.09 17:28:13 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012.03.04 16:39:39 | 000,017,408 | ---- | C] () -- C:\Users\Agando\AppData\Local\WebpageIcons.db
[2012.03.03 10:56:06 | 001,591,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.03 10:09:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.03.03 10:05:25 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 24.04.2013 20:11:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Agando\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,14% Memory free
15,97 Gb Paging File | 13,45 Gb Available in Paging File | 84,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 243,08 Gb Free Space | 52,20% Space Free | Partition Type: NTFS
 
Computer Name: ROLFPC | User Name: Agando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10749267-BAAC-4D9B-BC8A-E62736A69011}" = lport=139 | protocol=6 | dir=in | app=system | 
"{17BD62ED-DDF6-44C8-942E-1874A6606F00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18818834-5583-4E27-B661-3A5A1FA7399F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B01A3E8-D821-4CE0-A71A-2D7FCC62DF25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{241A3C45-AEA9-45FC-BA93-7679F0274809}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3353954A-AE3B-47D5-91A2-ECE213ECD772}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3370F8BA-4E2A-4530-BAC6-6F5BAD7FF541}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{348A001F-FCD9-42B4-87D0-95056A844F7E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{398897E5-7387-433C-9251-45F9B0D870A8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{544961D7-27FA-4EEC-AB2E-37EACB3DFB77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{567D25FF-8AA2-4227-A741-EC93DA6197FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E35AD07-4FEE-447E-A510-CB07E92542A3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{611C05C8-9C66-438B-8315-E5E256A80A9B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{743F6456-2254-4393-AE8F-938D94C1EB76}" = rport=445 | protocol=6 | dir=out | app=system | 
"{74408F11-1082-401F-A170-753619051164}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79F20B60-3AAA-46BF-8CA7-C3338C1FF6E8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7ABFD2FF-DF66-4FC2-9903-AC8591D47A54}" = lport=137 | protocol=17 | dir=in | app=system | 
"{82A3EB08-8386-4434-B546-7B6DF4072E04}" = lport=445 | protocol=6 | dir=in | app=system | 
"{95401930-9AC6-44C4-8625-DBFF8FBD96D2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{96819BBF-931A-4E6B-8271-A5553E54D8C4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC805216-0D25-4CBA-A472-F913F8C70AD0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AE9B7B9B-1920-4674-B253-EB4D7DFD0FA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB2E19E9-4050-4828-9883-A70FC9189FEC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E0181045-E0B4-4ECF-AC9E-D949C6A174F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E142F564-1582-44DE-A1EE-AA15F7305EF0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041A395B-11E0-4026-96B3-78880CD38988}" = protocol=17 | dir=in | app=c:\users\agando\appdata\local\temp\7zs2b8f\hppiw.exe | 
"{0653DBA8-7D8E-4856-99AB-0A0365209231}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{08CEC769-9A97-469E-9457-C0B2518926B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0931424B-3133-4896-81EB-8861E475A784}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B7DFA93-F06A-4288-B9ED-84310EE82EA8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{1023562B-57D7-45C0-A03A-562C874EF24B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1614CA7C-164F-457F-BEAF-D912BDB17B44}" = protocol=6 | dir=in | app=c:\users\agando\appdata\local\temp\7zs2ae5\hpdiagnosticcoreui.exe | 
"{1804DD7C-5598-4691-93DC-55D9B0D6D883}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1DC119B6-45F7-4EDC-8269-5355B3E115C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{244B2320-5694-4A4F-8666-46C93B25EDF7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{275FD22F-5FE9-4292-9C26-860B6B570541}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{27A94176-5906-40B1-B039-B3E67133A4C6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{27C74804-4718-4810-9AC3-DC87D63A50C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{28B61423-B6FC-46DF-BEEA-F20BD2BFD9DA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{29015CCD-5A06-4B9B-AA2F-3F4272576EF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{29A7A7A6-7DD7-4E8F-BA65-172956D53678}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CAF8B18-78E0-4E06-B6C1-C91159CE63AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DB92B76-6128-4318-A79E-B9C336E25C33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F0F7B61-908C-4F6F-AF1C-820DC0DDD59F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{35DE0754-6741-417D-9172-069BFD57E8A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{37500053-0920-47C8-8FB2-2254AA03E73E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{38314842-0407-4729-B500-30808E04467C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FF299A0-B430-4618-BC6D-DC108DCA9314}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4002C03E-453A-420B-94C0-48C09718A21B}" = protocol=17 | dir=in | app=c:\users\agando\appdata\local\temp\7zs2ae5\hpdiagnosticcoreui.exe | 
"{421D4D9A-4291-4E89-9A87-956FD79367B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{4454BA94-94A9-4200-978A-1914322DB3EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{44875FE0-4223-462F-A640-F8BBAF27FDC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{478FA9EE-C533-432F-8708-7B475F4CCF3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{4F4559A2-8328-4459-B3D9-A04DF49E59BA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{50213206-0975-4476-A86E-D9EBF1274DCB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{540428D5-EEB9-4B68-A7FC-DE50CA523C4E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5599F106-831D-4C4E-A9B2-DA00754CB920}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{6A91C458-42FD-4920-8A38-33426E8BB1E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{6AB3C8DD-A408-470A-9144-5D55D5DA5F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{704AA850-79FE-4320-8F16-4F66EC9A76AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{720054C8-CD86-4B38-8370-D4985961FCD0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7794C87E-108F-4C38-BBE3-E28E041F83B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{8E6FFEDD-C70A-4EFA-A3CF-BF0A3D7F439F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{8EF3557A-FBDF-4FC4-B210-1CBDEDA8F6B6}" = protocol=6 | dir=in | app=c:\users\agando\appdata\local\temp\7zs2b8f\hppiw.exe | 
"{A20CBAFF-A228-4A2C-877B-85053B309581}" = protocol=6 | dir=in | app=c:\users\agando\appdata\local\temp\7zs2b47\hpdiagnosticcoreui.exe | 
"{A57D7605-6672-4EBF-9985-3FB83E048B71}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{A65873B6-C8BE-4D25-9905-E21579BAB90D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ADADACAF-A59D-46C6-AA1A-DC77B961D969}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{AF6D7A19-BC27-404D-A356-74F62536A70E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{B3024B1E-11D1-4BAA-BF2E-CAB4030F7D43}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B40CBFCD-B4A4-4048-9E73-70D37520D8C7}" = protocol=17 | dir=in | app=c:\users\agando\appdata\local\temp\7zs2b47\hpdiagnosticcoreui.exe | 
"{B8412BDB-5E3E-4373-94EF-6FDBDE968611}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{C077798B-4BCB-4A86-964C-6276083FEC3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{C2D73921-5D32-414F-8C95-3DB030018EA5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{CA02959E-392C-48AD-81D3-C4F2085252C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{CC2935C1-7128-4E61-B585-A39423D1720A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{CC35CE5D-84AD-4464-9C7B-AF8264ED06C3}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{CE705D65-6140-4B27-999D-9A9A1A30040D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{D26ADCB5-6CA8-4451-A137-076A4B7809B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D465A25A-0071-4B36-AE28-711FCDDEF232}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{D667C273-BDED-4CCC-AEE2-9FD6908B899C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D983FCD6-A93E-4596-A95A-274FEEC44162}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E84C75C2-981C-472A-8F02-CA1C4C3640F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EA2EE508-95FC-4C0A-A0F8-AD843E4E96E7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{ED7976CD-3420-4B57-8171-9E68EB111935}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFFB031F-C77F-49CB-ACFB-382C3B6385B0}" = protocol=6 | dir=out | app=system | 
"{F05A33C4-286C-4B99-A7B3-9884FC2FBC36}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F2E6E465-76A0-45B4-8B21-E2002EC66BD9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{F7E11D32-72E1-45E5-8A1A-B8C9423B6AC1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{F80A0377-1143-4198-8E3D-67F81F19B396}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 3.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{149F9A5E-889D-474B-BA15-AFA0E614E5EA}_is1" = 100 Prozent Wimmelbild
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK-Konfigurationstool
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{62FE0726-9652-4CD2-9F09-C769D8699C21}" = TP-LINK TL-WN821N_WN822N Treiber
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AE7E90E-B406-479F-A880-CBEAD07C492C}" = WD Quick View
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91AC4ECB-8C44-47CA-833D-0769B8CD0E7E}_is1" = Mystery Stories - Expedition des Grauens
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C362EEE-BEDE-4E97-9930-8F463B95BFF0}_is1" = Mystery Stories - Das Geisterschiff
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AllDup_is1" = AllDup 3.4.18
"Diablo III" = Diablo III
"Guild Wars 2" = Guild Wars 2
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"Magic Encyclopedia 2" = Magic Encyclopedia 2
"Magic Encyclopedia 3 - Illusionen" = Magic Encyclopedia 3 - Illusionen
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery 2" = Mystery 2
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 12.15.1748" = Opera 12.15
"Pdf995" = Pdf995
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"SpywareBlaster_is1" = SpywareBlaster 4.6
"VLC media player" = VLC media player 2.0.1
"WD Link" = WD Link
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2013 12:22:16 | Computer Name = RolfPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2013 12:27:41 | Computer Name = RolfPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2013 12:54:21 | Computer Name = RolfPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avp.exe, Version: 13.0.1.4210, Zeitstempel:
 0x509157b4  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7b96f  Ausnahmecode: 0xc0000096  Fehleroffset: 0x00048665  ID des fehlerhaften Prozesses:
 0x784  Startzeit der fehlerhaften Anwendung: 0x01ce410865c69622  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 9c0beb17-acff-11e2-9581-f8d1110306fd
 
Error - 24.04.2013 12:54:21 | Computer Name = RolfPC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers
 geschlossen.    Programm: Kaspersky Anti-Virus  Datei:     Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 24.04.2013 13:33:33 | Computer Name = RolfPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avp.exe, Version: 13.0.1.4210, Zeitstempel:
 0x509157b4  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7b96f  Ausnahmecode: 0xc0000096  Fehleroffset: 0x00048665  ID des fehlerhaften Prozesses:
 0xc1c  Startzeit der fehlerhaften Anwendung: 0x01ce410c64800b0c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 15e46f94-ad05-11e2-9581-f8d1110306fd
 
Error - 24.04.2013 13:33:33 | Computer Name = RolfPC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers
 geschlossen.    Programm: Kaspersky Anti-Virus  Datei:     Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 24.04.2013 13:52:25 | Computer Name = RolfPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avp.exe, Version: 13.0.1.4210, Zeitstempel:
 0x509157b4  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7b96f  Ausnahmecode: 0xc0000096  Fehleroffset: 0x00048665  ID des fehlerhaften Prozesses:
 0xb7c  Startzeit der fehlerhaften Anwendung: 0x01ce4111de967350  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: b89cf0df-ad07-11e2-9581-f8d1110306fd
 
Error - 24.04.2013 13:52:25 | Computer Name = RolfPC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers
 geschlossen.    Programm: Kaspersky Anti-Virus  Datei:     Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 24.04.2013 14:13:33 | Computer Name = RolfPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avp.exe, Version: 13.0.1.4210, Zeitstempel:
 0x509157b4  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7b96f  Ausnahmecode: 0xc0000096  Fehleroffset: 0x00048665  ID des fehlerhaften Prozesses:
 0x1b5c  Startzeit der fehlerhaften Anwendung: 0x01ce411482a2aa30  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: ac6457b6-ad0a-11e2-9581-f8d1110306fd
 
Error - 24.04.2013 14:13:33 | Computer Name = RolfPC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Kaspersky Anti-Virus wurde wegen dieses Fehlers
 geschlossen.    Programm: Kaspersky Anti-Virus  Datei:     Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
[ System Events ]
Error - 24.04.2013 12:17:47 | Computer Name = RolfPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 24.04.2013 12:19:03 | Computer Name = RolfPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 24.04.2013 12:19:26 | Computer Name = RolfPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 24.04.2013 12:19:30 | Computer Name = RolfPC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 24.04.2013 12:20:28 | Computer Name = RolfPC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 24.04.2013 12:25:53 | Computer Name = RolfPC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 24.04.2013 12:54:22 | Computer Name = RolfPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.04.2013 13:33:34 | Computer Name = RolfPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 24.04.2013 13:52:26 | Computer Name = RolfPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies
 ist bereits 3 Mal passiert.
 
Error - 24.04.2013 14:13:34 | Computer Name = RolfPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies
 ist bereits 4 Mal passiert.
 
 
< End of report >

Und Systemlook

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 20:16 on 24/04/2013 by Agando
Administrator - Elevation successful

========== filefind ==========

Searching for "*PriceGong*"
No files found.

Searching for "*Softonic*"
C:\Users\Agando\Downloads\SoftonicDownloader_fuer_teamspeak.exe	--a---- 372928 bytes	[04:46 24/09/2012]	[04:46 24/09/2012] 40BB9AB36DBFC111116147BA11F0345E

Searching for "*Freeze.com*"
No files found.

Searching for "*anonymize*"
No files found.

========== folderfind ==========

Searching for "*PriceGong*"
No folders found.

Searching for "*Softonic*"
No folders found.

Searching for "*Freeze.com*"
No folders found.

Searching for "*anonymize*"
No folders found.

========== regfind ==========

Searching for "PriceGong"
No data found.

Searching for "Softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3a491710_0]
@="{0.0.0.00000000}.{b28754c6-96f4-4745-bff3-57741208ce33}|\Device\HarddiskVolume2\Users\Agando\Downloads\SoftonicDownloader_fuer_teamspeak.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_teamspeak_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_teamspeak_RASMANCS]
[HKEY_USERS\S-1-5-21-2683148460-86017118-230150774-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\3a491710_0]
@="{0.0.0.00000000}.{b28754c6-96f4-4745-bff3-57741208ce33}|\Device\HarddiskVolume2\Users\Agando\Downloads\SoftonicDownloader_fuer_teamspeak.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "Freeze.com"
No data found.

Searching for "anonymize"
No data found.

-= EOF =-

Noch habe ich Hoffnung, dass Du immer noch nichts finden kannst. :-)

In diesem Sinne

Gruß

Roperi

M-K-D-B · 25.04.2013, 09:40

Servus,

bisher wurden nur ein paar Adware-Reste gefunden. Wir kontrollieren nochmal alles:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Agando\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Agando\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

:files
C:\Users\Agando\Downloads\SoftonicDownloader_fuer_teamspeak.exe

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Roperi · 25.04.2013, 18:53

Guten Abend, ich entschuldige mich für die späte Antwort, aber Eset hat sehr lange gebraucht. :-)

OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
========== FILES ==========
C:\Users\Agando\Downloads\SoftonicDownloader_fuer_teamspeak.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Agando
->Temp folder emptied: 307319 bytes
->Temporary Internet Files folder emptied: 2018851 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 379538399 bytes
->Opera cache emptied: 52828128 bytes
->Flash cache emptied: 2071 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 102752 bytes
->Temporary Internet Files folder emptied: 5959 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 15942 bytes
->Flash cache emptied: 26 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 11264 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14151 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 415,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04252013_173325

Files\Folders moved on Reboot...
C:\Users\Agando\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Agando\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

MBAM:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Agando :: ROLFPC [Administrator]

25.04.2013 17:37:38
mbam-log-2013-04-25 (17-37-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 262577
Laufzeit: 3 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Esset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=23cb5eb428dd33479a1d5f8b0a100b97
# engine=13695
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-25 05:06:54
# local_time=2013-04-25 07:06:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 5500 21675936 0 0
# compatibility_mode=5893 16776573 100 94 138524 118539464 0 0
# scanned=149884
# found=0
# cleaned=0
# scan_time=4941

Security Check:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 4.6    
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.169  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Danke und bis später oder morgen, je nach dem. :-)

Gruß Roperi

M-K-D-B · 25.04.2013, 18:59

Servus,

Malware kann ich keine mehr finden.

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.

Schritt 2

Klicke auf > Hilfe > Über Firefox
Warte bis das Update geladen ist, klicke auf Update installieren und lasse Firefox neu starten.
Prüfe bitte, ob weitere Updates vorliegen oder ob Firefox aktuell ist.
Klicke nun auf > Add-ons > > Auf Updates überprüfen
Nach einem weiteren Neustart von Firefox sollte alles aktuell sein.

Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:

Schritt 3
Sofern verwendet, starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.

Schritt 4
Downloade dir bitte delfix auf deinen Desktop.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.
DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
Sollten noch Programme, die wir verwendet haben, vorhanden sein, so lösche diese bitte per Hand.

Schritt 5
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
WOT (Web of trust)
Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein paar ( englische ) Links:
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Roperi · 25.04.2013, 19:34

Hallo Matthias,

alles wie beschrieben durchgeführt. Das ständige aussteigen meines Kaspersky hat sich nicht behoben, aber wenn das System weitestgehend sauber war, dann bin ich zufrieden. :-)

Danke Dir.

Hier kann zu.

Ein Hinweis noch. Der Link für den Acrobat Reader hat mich beim ersten mal zu einem PDFRReadersetup.exe geführt, den man nur installieren kann wenn man Suchmaschine und Toolbar von denen nimmt. Akzeptiert man das nicht, kann man ihn nicht installieren.

Als ich dann erneut auf den Filepony Link geklickt habe hat es aber mit dem richtigen Adobe Reader geklappt.

Das nur zur Info. Virenscan läuft. :-) Installiert habe ich natürlich nicht. :-)

Danke für die tolle Betreuung hier.

Gruß Roperi

M-K-D-B · 26.04.2013, 09:50

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Lange Bootzeit und ständige Kaspersky 2013 Fehler

Plagegeister aller Art und deren Bekämpfung: Lange Bootzeit und ständige Kaspersky 2013 Fehler