
Log analysis and evaluation: Virus detection moved to quarantine - How to remove?

17.06.2013, 21:09   #1
Baseman
 
Hello,
my antivirus program found viruses, which I then moved to quarantine. I would like to know the best way to remove them. I have created the log files.

17.06.2013, 21:40   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

just delete them from quarantine. Let's take a closer look:

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

17.06.2013, 22:11   #3
Baseman
 
Hi,
OK, I have now deleted the files from quarantine.
Here is the FRST file:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01
Ran by *** (administrator) on 17-06-2013 22:49:08
Running from C:\Users\***\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Windows\system32\dmwu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\Opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2213992 2011-05-12] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [981664 2011-10-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [799904 2011-10-01] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-30] ()
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-19] (Google Inc.)
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-14] ()
HKCU\...\Run: [Spotify Web Helper] "C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104896 2013-06-15] (Spotify Ltd)
HKCU\...\Policies\system: [disableregistrytools] 0
MountPoints2: {399c26cd-36de-11e1-8c5f-806e6f6e6963} - E:\launcher.exe
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [3331312 2011-10-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-22] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2011-03-31] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-06] (cyberlink)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe [593784 2012-10-25] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKU\Leon2\...\Run: [Spotify] "C:\Users\***\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [4667904 2013-06-15] (Spotify Ltd)
HKU\Leon2\...\Run: [Spotify Web Helper] "C:\Users\Melnik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104896 2013-06-15] (Spotify Ltd)
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Leon2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Shopping Assistant Plugin - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.8\PriceGongIE.dll (PriceGong)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.237.150.51 217.237.148.22

Chrome: 
=======
CHR HomePage: hxxp://asus.msn.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Angry Birds) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (PriceGong) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.8_0
CHR Extension: (YouTube) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SweetIM for Facebook) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0
CHR Extension: (Dislike Button for Facebook) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbnljppimpdkhccmgflleoppbaaiglhl\2.9_0
CHR Extension: (Gmail) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-10-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-10-25] (BlueStack Systems, Inc.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1447728 2013-05-21] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-05-05] ()
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-01] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWow64\DRIVERS\AiCharger.sys [16768 2011-09-20] (ASUSTek Computer Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-10-25] (BlueStack Systems)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 L6GX; C:\Windows\System32\Drivers\L6GX64.sys [772096 2011-11-30] (Line 6)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2011-10-16] (NVIDIA Corporation)
U3 aswMBR; \??\C:\Users\***\AppData\Local\Temp\aswMBR.sys [x]
U3 pfdiypog; \??\C:\Users\***\AppData\Local\Temp\pfdiypog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-17 22:48 - 2013-06-17 22:48 - 01926844 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-06-17 22:48 - 2013-06-17 22:48 - 00000000 ____D C:\FRST
2013-06-17 22:03 - 2013-06-17 22:03 - 00043132 ____A C:\Users\***\Desktop\logfiles.zip
2013-06-17 21:42 - 2013-06-17 21:42 - 00002136 ____A C:\Users\***\Desktop\avira bericht.txt
2013-06-17 21:22 - 2013-06-17 21:22 - 00000000 ____D C:\Users\***\AppData\Local\{AF0CC306-41B5-4701-A8D2-4A2BB7B03336}
2013-06-17 20:44 - 2013-06-17 21:21 - 00018660 ____A C:\Users\***\Desktop\gmer.txt
2013-06-17 20:04 - 2013-06-17 20:04 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-06-17 20:02 - 2013-06-17 21:13 - 00115240 ____A C:\Users\***\Desktop\Extras.Txt
2013-06-17 20:02 - 2013-06-17 21:04 - 00134856 ____A C:\Users\***\Desktop\OTL.Txt
2013-06-17 19:55 - 2013-06-17 19:55 - 00602112 ____A (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2013-06-17 19:50 - 2013-06-17 21:22 - 00000470 ____A C:\Users\***\Desktop\defogger_disable.log
2013-06-17 19:50 - 2013-06-17 19:50 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-06-17 19:50 - 2013-06-17 19:50 - 00000000 ____A C:\Users\***\defogger_reenable
2013-06-17 19:31 - 2013-06-17 19:31 - 00000000 ___SD C:\ComboFix
2013-06-17 19:31 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-17 19:31 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-17 19:31 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-17 19:31 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-17 19:31 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-17 19:31 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-17 19:31 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-17 19:31 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-17 19:30 - 2013-06-17 19:31 - 00000000 ____D C:\Qoobox
2013-06-17 19:30 - 2013-06-17 19:30 - 00000000 ____D C:\Windows\erdnt
2013-06-17 19:04 - 2013-06-17 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-17 19:04 - 2013-06-17 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-17 13:37 - 2013-06-17 13:37 - 00000000 ____D C:\Users\***\AppData\Local\{C482A7D5-E9CB-4311-A1A3-212D96DD188F}
2013-06-16 22:43 - 2013-06-16 22:44 - 00000000 ____D C:\Users\***\AppData\Local\{443145F1-84FD-4B1C-9392-EC6860116B85}
2013-06-16 00:44 - 2013-06-16 00:44 - 00000000 ____D C:\Users\***\Documents\rld-w4m
2013-06-16 00:41 - 2013-06-16 00:42 - 01376768 ____A C:\Users\***\Documents\7z920-x64.msi
2013-06-16 00:40 - 2013-06-16 00:40 - 02548776 ____A C:\Users\***\Documents\rld-w4m.rar
2013-06-16 00:37 - 2013-06-17 18:46 - 00000000 ____D C:\Users\***\AppData\Roaming\Ozlee
2013-06-16 00:37 - 2013-06-17 14:10 - 00000000 ____D C:\Users\***\AppData\Roaming\Waad
2013-06-16 00:37 - 2013-06-16 00:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Iqtoa
2013-06-16 00:30 - 2013-06-16 00:30 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2013-06-16 00:25 - 2013-06-16 00:25 - 00000000 ____D C:\Program Files (x86)\Codemasters
2013-06-16 00:16 - 2013-06-16 22:43 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-06-16 00:15 - 2013-06-16 00:15 - 00001219 ____A C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
2013-06-16 00:15 - 2013-06-16 00:15 - 00000000 ____D C:\Users\***\AppData\Local\TeamSpeak 3 Client
2013-06-16 00:12 - 2013-06-16 00:15 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\Melnik\Documents\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-06-15 23:43 - 2013-06-15 23:43 - 00000000 ____D C:\Users\***\AppData\Local\{8CF4D95B-1934-4B23-A046-4CE0FA0570AE}
2013-06-12 21:04 - 2013-06-12 21:04 - 00000000 ____D C:\Users\***\AppData\Local\{F5DC4DFC-E24E-4FAC-ABFF-9B98C0252EC1}
2013-06-12 18:10 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 18:10 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 18:10 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 18:10 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 18:10 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 18:10 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 18:10 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 18:10 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 18:10 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 18:10 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 18:10 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 18:10 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 18:10 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 18:10 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 18:10 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 18:10 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 18:10 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 18:10 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 18:10 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 18:10 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 18:10 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 18:10 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-12 18:10 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-12 18:10 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 18:10 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 18:10 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-12 18:10 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-12 18:10 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 18:10 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 18:10 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-12 18:10 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 18:10 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 13:58 - 2013-06-12 13:58 - 00000000 ____D C:\Users\Leon2\AppData\Local\Apple
2013-06-12 13:58 - 2013-06-12 13:58 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 13:57 - 2013-06-12 13:57 - 00000000 ____D C:\Users\Leon2\AppData\Local\Apple Computer
2013-06-12 13:42 - 2013-06-12 13:43 - 00000000 ____D C:\Users\Leon2\Desktop\Musical
2013-06-12 11:30 - 2013-06-15 23:40 - 00000000 ____D C:\Users\Leon2\AppData\Roaming\Spotify
2013-06-12 11:30 - 2013-06-15 14:08 - 00000000 ____D C:\Users\Leon2\AppData\Local\Spotify
2013-06-12 11:26 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 11:26 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 11:26 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 11:25 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 11:25 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 11:25 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 11:25 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 11:25 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 11:25 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 11:25 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 11:25 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 11:25 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 11:25 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 11:25 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 11:25 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Users\Leon2\AppData\Roaming\Fohhn Audio AG
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Users\Leon2\AppData\Local\Fohhn Audio AG
2013-06-12 09:32 - 2013-06-12 09:32 - 00007634 ____A C:\Windows\DPINST.LOG
2013-06-12 09:32 - 2013-06-12 09:32 - 00002793 ____A C:\Users\Public\Desktop\Fohhn Audio Soft.lnk
2013-06-12 09:32 - 2013-06-12 09:32 - 00000000 ____D C:\Program Files\DIFX
2013-06-12 09:32 - 2013-06-12 09:32 - 00000000 ____D C:\Program Files (x86)\Fohhn Audio AG
2013-06-12 09:29 - 2013-06-12 09:29 - 00002161 ____A C:\Users\Public\Desktop\WSM.lnk
2013-06-12 09:29 - 2013-06-12 09:29 - 00000354 ____A C:\SessionVariables.txt
2013-06-12 09:29 - 2013-06-12 09:29 - 00000000 ____D C:\Windows\Wireless Systems Manager
2013-06-12 09:29 - 2013-06-12 09:29 - 00000000 ____D C:\ProgramData\Sennheiser
2013-06-12 09:29 - 2013-06-12 09:29 - 00000000 ____D C:\Program Files (x86)\Sennheiser
2013-06-12 09:28 - 2013-06-12 09:28 - 00000000 ____D C:\Users\Leon2\Desktop\WSM_Setup_3.7.9.exe
2013-06-12 09:28 - 2013-06-12 09:28 - 00000000 ____D C:\Users\Leon2\AppData\Roaming\ASUS WebStorage
2013-06-12 09:28 - 2013-05-26 15:59 - 07791101 ____A (Fohhn Audio AG) C:\Users\Leon2\Documents\Fohhn_Audio_Soft_3.4_Setup.exe
2013-06-12 09:28 - 2013-03-15 16:13 - 31147114 ____A C:\Users\Leon2\Documents\WSM_Setup_3.7.9.exe.zip
2013-06-12 09:26 - 2013-06-12 09:26 - 00000632 ____A C:\Users\Leon2\Downloads\Fohhn_Audio_Soft_3.4_Setup.htm
2013-06-11 21:14 - 2013-06-11 21:14 - 00000000 ____D C:\Users\***\AppData\Local\{5198FDAB-38B8-4FBA-8B08-D68714F55A29}
2013-06-10 20:29 - 2013-06-10 20:30 - 06958310 ____A C:\Users\***\Documents\httpd_2.4.3-netware-bin.zip
2013-06-10 20:01 - 2013-06-10 20:02 - 00000000 ____D C:\Users\***\AppData\Local\{D67056C3-65F3-42A7-A4E6-1E5D581639C7}
2013-06-09 13:34 - 2013-06-09 13:34 - 00000000 ____D C:\Users\***\AppData\Local\{B13C512C-27B9-4F4F-8A3F-431ADEFE755D}
2013-06-09 01:11 - 2013-06-09 01:11 - 00000000 ____D C:\Users\***\AppData\Local\{1F143883-9281-419E-98A1-A40EFB3FD439}
2013-06-07 22:02 - 2013-06-07 22:02 - 00000000 ____D C:\Users\***\AppData\Local\{989B30A4-6E43-4B0D-AF0B-13222C4DD1EC}
2013-06-06 22:34 - 2013-06-06 22:34 - 00082818 ____A C:\Users\***\Documents\Facharbeit.***.anonym.zip
2013-06-06 22:34 - 2013-06-06 22:34 - 00000000 ____D C:\Users\***\Documents\Facharbeit.***.anonym
2013-06-06 21:23 - 2013-06-06 21:23 - 00000000 ____D C:\Users\***\AppData\Local\{389DC924-9811-400A-8837-F137C5248BBC}
2013-06-05 23:16 - 2013-06-05 23:17 - 00000000 ____D C:\Users\***\AppData\Local\{3BABB5A3-53D8-416D-9405-98C8A3C04AA8}
2013-06-05 23:13 - 2013-06-05 23:13 - 00345040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-04 22:57 - 2013-06-04 22:57 - 00087328 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-04 22:56 - 2013-06-17 22:17 - 00002533 ____A C:\Windows\setupact.log
2013-06-04 22:56 - 2013-06-04 22:56 - 00000000 ____A C:\Windows\setuperr.log
2013-06-04 22:11 - 2013-06-04 22:11 - 00022220 ____A C:\Users\***\Downloads\passenger_let_her_go.gp5
2013-06-04 22:11 - 2013-06-04 22:11 - 00022220 ____A C:\Users\***\Downloads\passenger_let_her_go (1).gp5
2013-06-04 20:20 - 2013-06-04 20:20 - 00000000 ____D C:\Users\***\AppData\Local\{6B51EC46-C5BF-4A6A-A45A-1BB88D054A08}
2013-06-04 15:58 - 2013-06-04 15:58 - 00000000 ____D C:\Users\***\AppData\Local\{56F408A2-13CD-4D8A-AFB9-95F32F3B5883}
2013-06-04 01:07 - 2013-06-04 01:07 - 00005732 ____A C:\Users\***\Documents\antrankk.odt
2013-06-03 22:03 - 2013-06-03 22:03 - 00000000 ____D C:\Users\***\AppData\Local\{39E1822F-9C2F-4FA4-A45C-351028912BB5}
2013-06-03 18:44 - 2013-06-11 20:37 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-06-03 18:44 - 2013-06-03 18:44 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-06-03 18:44 - 2013-06-03 18:44 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-06-03 18:44 - 2013-05-21 15:31 - 01447728 ____A C:\Windows\System32\dmwu.exe
2013-06-03 18:44 - 2013-05-21 15:30 - 00033792 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-06-03 01:52 - 2012-11-26 02:56 - 00005830 ____A C:\Users\***\Documents\Brandenburgisches Konzert 5.odt
2013-06-02 22:11 - 2013-06-17 19:09 - 00000000 _RSHD C:\Users\***\AppData\Roaming\Untrup
2013-06-02 22:11 - 2013-06-02 22:11 - 00739856 ____A (Google Inc.) C:\Users\***\AppData\Roaming\chromebrowser.exe
2013-06-02 17:45 - 2013-06-02 17:45 - 00000000 ____D C:\Users\***\AppData\Local\{F97346FD-50D3-451B-96B3-A7E07A8242B9}
2013-06-01 16:26 - 2013-06-01 16:26 - 00000000 ____D C:\Users\***\AppData\Local\{640A1562-578A-4D77-B395-7A0E1494FCDF}
2013-05-31 18:01 - 2013-05-31 18:01 - 00000000 ____D C:\Users\***\AppData\Local\{141F3F79-232B-498B-8C1F-AAC692BA9B47}
2013-05-30 00:32 - 2013-05-30 00:32 - 00000000 ____D C:\Users\***\AppData\Local\{57600DBA-750E-425E-A3E2-CA461078892D}
2013-05-28 01:00 - 2013-05-28 01:00 - 00000000 ____D C:\Users\***\AppData\Local\{2E1D644F-3EB2-4402-AA52-E7F0E4A9DF18}
2013-05-26 18:39 - 2013-05-26 18:39 - 00000000 ____D C:\Users\***\AppData\Local\{14A8E421-720C-497D-A750-4717070BCB02}
2013-05-25 17:27 - 2013-05-25 17:27 - 00000000 ____D C:\Users\***\AppData\Local\{FEC87DF9-9B9D-4F2C-9EB6-FABAAEE62AF2}
2013-05-24 13:26 - 2013-05-24 13:26 - 00000000 ____D C:\Users\***\AppData\Local\{1E4D6BB6-383B-4987-BE8C-DF74E46ED481}
2013-05-23 13:34 - 2013-05-23 13:34 - 00000000 ____D C:\Users\***\AppData\Local\{2C99FB08-301C-4BAF-B861-66767758EBE4}
2013-05-21 20:28 - 2013-05-21 20:28 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-21 20:27 - 2013-05-21 20:28 - 00000000 ____D C:\Program Files\iTunes
2013-05-21 20:27 - 2013-05-21 20:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-21 20:27 - 2013-05-21 20:27 - 00000000 ____D C:\Program Files\iPod
2013-05-21 18:35 - 2013-05-21 18:36 - 00000000 ____D C:\Users\***\AppData\Local\{A031A9E5-4681-42AE-8FEA-444E97EF7F2A}

==================== One Month Modified Files and Folders =======

2013-06-17 22:48 - 2013-06-17 22:48 - 01926844 ____A (Farbar) C:\Users\***\Desktop\FRST64.exe
2013-06-17 22:48 - 2013-06-17 22:48 - 00000000 ____D C:\FRST
2013-06-17 22:35 - 2012-09-19 21:54 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001UA.job
2013-06-17 22:17 - 2013-06-04 22:56 - 00002533 ____A C:\Windows\setupact.log
2013-06-17 22:03 - 2013-06-17 22:03 - 00043132 ____A C:\Users\***\Desktop\logfiles.zip
2013-06-17 21:53 - 2012-08-16 23:51 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 21:42 - 2013-06-17 21:42 - 00002136 ____A C:\Users\***\Desktop\avira bericht.txt
2013-06-17 21:22 - 2013-06-17 21:22 - 00000000 ____D C:\Users\***\AppData\Local\{AF0CC306-41B5-4701-A8D2-4A2BB7B03336}
2013-06-17 21:22 - 2013-06-17 19:50 - 00000470 ____A C:\Users\***\Desktop\defogger_disable.log
2013-06-17 21:21 - 2013-06-17 20:44 - 00018660 ____A C:\Users\***\Desktop\gmer.txt
2013-06-17 21:13 - 2013-06-17 20:02 - 00115240 ____A C:\Users\***\Desktop\Extras.Txt
2013-06-17 21:04 - 2013-06-17 20:02 - 00134856 ____A C:\Users\***\Desktop\OTL.Txt
2013-06-17 20:04 - 2013-06-17 20:04 - 00377856 ____A C:\Users\***\Desktop\gmer_2.1.19163.exe
2013-06-17 19:55 - 2013-06-17 19:55 - 00602112 ____A (OldTimer Tools) C:\Users\Melnik\Desktop\OTL.exe
2013-06-17 19:51 - 2012-01-04 16:02 - 01963134 ____A C:\Windows\WindowsUpdate.log
2013-06-17 19:50 - 2013-06-17 19:50 - 00050477 ____A C:\Users\***\Desktop\Defogger.exe
2013-06-17 19:50 - 2013-06-17 19:50 - 00000000 ____A C:\Users\***\defogger_reenable
2013-06-17 19:50 - 2012-01-18 20:56 - 00000000 ____D C:\users\***
2013-06-17 19:31 - 2013-06-17 19:31 - 00000000 ___SD C:\ComboFix
2013-06-17 19:31 - 2013-06-17 19:30 - 00000000 ____D C:\Qoobox
2013-06-17 19:30 - 2013-06-17 19:30 - 00000000 ____D C:\Windows\erdnt
2013-06-17 19:21 - 2013-06-17 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-17 19:12 - 2011-02-19 06:24 - 00708734 ____A C:\Windows\System32\perfh007.dat
2013-06-17 19:12 - 2011-02-19 06:24 - 00152080 ____A C:\Windows\System32\perfc007.dat
2013-06-17 19:12 - 2009-07-14 07:13 - 01644796 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-17 19:11 - 2012-11-14 22:33 - 00000000 ____D C:\Users\***\AppData\Local\PMB Files
2013-06-17 19:09 - 2013-06-02 22:11 - 00000000 _RSHD C:\Users\***\AppData\Roaming\Untrup
2013-06-17 19:04 - 2013-06-17 19:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-17 18:48 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-17 18:48 - 2009-07-14 06:45 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-17 18:46 - 2013-06-16 00:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Ozlee
2013-06-17 18:41 - 2012-01-04 16:17 - 00045056 ____A C:\Windows\SysWOW64\acovcnt.exe
2013-06-17 18:40 - 2012-01-04 16:06 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-17 18:40 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 14:10 - 2013-06-16 00:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Waad
2013-06-17 13:37 - 2013-06-17 13:37 - 00000000 ____D C:\Users\***\AppData\Local\{C482A7D5-E9CB-4311-A1A3-212D96DD188F}
2013-06-16 22:44 - 2013-06-16 22:43 - 00000000 ____D C:\Users\***\AppData\Local\{443145F1-84FD-4B1C-9392-EC6860116B85}
2013-06-16 22:43 - 2013-06-16 00:16 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2013-06-16 22:43 - 2012-11-14 22:33 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-16 21:08 - 2012-01-04 16:15 - 00002556 ____A C:\Windows\System32\AutoRunFilter.ini
2013-06-16 04:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-16 03:47 - 2012-02-13 23:16 - 00000000 ___HD C:\Users\***\AppData\Local\CrashDumps
2013-06-16 00:44 - 2013-06-16 00:44 - 00000000 ____D C:\Users\***\Documents\rld-w4m
2013-06-16 00:42 - 2013-06-16 00:41 - 01376768 ____A C:\Users\***\Documents\7z920-x64.msi
2013-06-16 00:40 - 2013-06-16 00:40 - 02548776 ____A C:\Users\***\Documents\rld-w4m.rar
2013-06-16 00:37 - 2013-06-16 00:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Iqtoa
2013-06-16 00:30 - 2013-06-16 00:30 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2013-06-16 00:25 - 2013-06-16 00:25 - 00000000 ____D C:\Program Files (x86)\Codemasters
2013-06-16 00:25 - 2012-01-04 16:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-16 00:15 - 2013-06-16 00:15 - 00001219 ____A C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
2013-06-16 00:15 - 2013-06-16 00:15 - 00000000 ____D C:\Users\***\AppData\Local\TeamSpeak 3 Client
2013-06-16 00:15 - 2013-06-16 00:12 - 34954912 ____A (TeamSpeak Systems GmbH) C:\Users\***\Documents\TeamSpeak3-Client-win64-3.0.10.1.exe
2013-06-15 23:43 - 2013-06-15 23:43 - 00000000 ____D C:\Users\***\AppData\Local\{8CF4D95B-1934-4B23-A046-4CE0FA0570AE}
2013-06-15 23:40 - 2013-06-12 11:30 - 00000000 ____D C:\Users\Leon2\AppData\Roaming\Spotify
2013-06-15 14:08 - 2013-06-12 11:30 - 00000000 ____D C:\Users\Leon2\AppData\Local\Spotify
2013-06-15 14:07 - 2013-03-03 00:55 - 00000000 ____D C:\Users\***\AppData\Roaming\Spotify
2013-06-13 17:26 - 2011-10-19 06:11 - 01622690 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-12 21:04 - 2013-06-12 21:04 - 00000000 ____D C:\Users\***\AppData\Local\{F5DC4DFC-E24E-4FAC-ABFF-9B98C0252EC1}
2013-06-12 18:09 - 2012-01-21 19:53 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 17:35 - 2012-09-19 21:54 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001Core.job
2013-06-12 13:59 - 2013-03-21 15:45 - 00000000 ____D C:\Users\Leon2\AppData\Roaming\Apple Computer
2013-06-12 13:58 - 2013-06-12 13:58 - 00000000 ____D C:\Users\Leon2\AppData\Local\Apple
2013-06-12 13:58 - 2013-06-12 13:58 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 13:57 - 2013-06-12 13:57 - 00000000 ____D C:\Users\Leon2\AppData\Local\Apple Computer
2013-06-12 13:43 - 2013-06-12 13:42 - 00000000 ____D C:\Users\Leon2\Desktop\Musical
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Users\Leon2\AppData\Roaming\Fohhn Audio AG
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Users\Leon2\AppData\Local\Fohhn Audio AG
2013-06-12 09:32 - 2013-06-12 09:32 - 00007634 ____A C:\Windows\DPINST.LOG
2013-06-12 09:32 - 2013-06-12 09:32 - 00002793 ____A C:\Users\Public\Desktop\Fohhn Audio Soft.lnk
2013-06-12 09:32 - 2013-06-12 09:32 - 00000000 ____D C:\Program Files\DIFX
2013-06-12 09:32 - 2013-06-12 09:32 - 00000000 ____D C:\Program Files (x86)\Fohhn Audio AG
2013-06-12 09:29 - 2013-06-12 09:29 - 00002161 ____A C:\Users\Public\Desktop\WSM.lnk
2013-06-12 09:29 - 2013-06-12 09:29 - 00000354 ____A C:\SessionVariables.txt
2013-06-12 09:29 - 2013-06-12 09:29 - 00000000 ____D C:\Windows\Wireless Systems Manager
2013-06-12 09:29 - 2013-06-12 09:29 - 00000000 ____D C:\ProgramData\Sennheiser
2013-06-12 09:29 - 2013-06-12 09:29 - 00000000 ____D C:\Program Files (x86)\Sennheiser
2013-06-12 09:28 - 2013-06-12 09:28 - 00000000 ____D C:\Users\Leon2\Desktop\WSM_Setup_3.7.9.exe
2013-06-12 09:28 - 2013-06-12 09:28 - 00000000 ____D C:\Users\Leon2\AppData\Roaming\ASUS WebStorage
2013-06-12 09:26 - 2013-06-12 09:26 - 00000632 ____A C:\Users\Leon2\Downloads\Fohhn_Audio_Soft_3.4_Setup.htm
2013-06-12 09:06 - 2013-03-21 15:45 - 00087328 ____A C:\Users\Leon2\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-11 22:53 - 2012-08-16 23:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 22:53 - 2012-01-30 14:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 21:14 - 2013-06-11 21:14 - 00000000 ____D C:\Users\***\AppData\Local\{5198FDAB-38B8-4FBA-8B08-D68714F55A29}
2013-06-11 20:41 - 2013-03-03 00:57 - 00000000 ____D C:\Users\***\AppData\Local\Spotify
2013-06-11 20:37 - 2013-06-03 18:44 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-06-10 20:30 - 2013-06-10 20:29 - 06958310 ____A C:\Users\***\Documents\httpd_2.4.3-netware-bin.zip
2013-06-10 20:02 - 2013-06-10 20:01 - 00000000 ____D C:\Users\***\AppData\Local\{D67056C3-65F3-42A7-A4E6-1E5D581639C7}
2013-06-09 13:43 - 2012-01-28 22:51 - 00000000 ___HD C:\Users\***\AppData\Roaming\Origin
2013-06-09 13:43 - 2012-01-28 22:51 - 00000000 ___HD C:\ProgramData\Origin
2013-06-09 13:40 - 2012-12-27 13:12 - 00000000 ____D C:\Users\***\AppData\Local\Origin
2013-06-09 13:40 - 2012-12-27 13:08 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-09 13:34 - 2013-06-09 13:34 - 00000000 ____D C:\Users\***\AppData\Local\{B13C512C-27B9-4F4F-8A3F-431ADEFE755D}
2013-06-09 01:11 - 2013-06-09 01:11 - 00000000 ____D C:\Users\***\AppData\Local\{1F143883-9281-419E-98A1-A40EFB3FD439}
2013-06-07 22:02 - 2013-06-07 22:02 - 00000000 ____D C:\Users\***\AppData\Local\{989B30A4-6E43-4B0D-AF0B-13222C4DD1EC}
2013-06-06 22:34 - 2013-06-06 22:34 - 00082818 ____A C:\Users\***\Documents\Facharbeit.TranssexualitAct.anonym.zip
2013-06-06 22:34 - 2013-06-06 22:34 - 00000000 ____D C:\Users\***\Documents\Facharbeit.TranssexualitAct.anonym
2013-06-06 21:36 - 2012-09-19 21:57 - 00002378 ____A C:\Users\***\Desktop\Google Chrome.lnk
2013-06-06 21:23 - 2013-06-06 21:23 - 00000000 ____D C:\Users\***\AppData\Local\{389DC924-9811-400A-8837-F137C5248BBC}
2013-06-05 23:17 - 2013-06-05 23:16 - 00000000 ____D C:\Users\***\AppData\Local\{3BABB5A3-53D8-416D-9405-98C8A3C04AA8}
2013-06-05 23:13 - 2013-06-05 23:13 - 00345040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-04 22:57 - 2013-06-04 22:57 - 00087328 ____A C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-04 22:56 - 2013-06-04 22:56 - 00000000 ____A C:\Windows\setuperr.log
2013-06-04 22:34 - 2012-08-02 22:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-04 22:19 - 2012-07-20 12:28 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2013-06-04 22:11 - 2013-06-04 22:11 - 00022220 ____A C:\Users\***\Downloads\passenger_let_her_go.gp5
2013-06-04 22:11 - 2013-06-04 22:11 - 00022220 ____A C:\Users\***\Downloads\passenger_let_her_go (1).gp5
2013-06-04 20:20 - 2013-06-04 20:20 - 00000000 ____D C:\Users\***\AppData\Local\{6B51EC46-C5BF-4A6A-A45A-1BB88D054A08}
2013-06-04 15:58 - 2013-06-04 15:58 - 00000000 ____D C:\Users\***\AppData\Local\{56F408A2-13CD-4D8A-AFB9-95F32F3B5883}
2013-06-04 15:47 - 2012-01-04 16:15 - 00001500 ____A C:\Windows\System32\ServiceFilter.ini
2013-06-04 01:07 - 2013-06-04 01:07 - 00005732 ____A C:\Users\***\Documents\antrankk.odt
2013-06-03 22:03 - 2013-06-03 22:03 - 00000000 ____D C:\Users\***\AppData\Local\{39E1822F-9C2F-4FA4-A45C-351028912BB5}
2013-06-03 18:44 - 2013-06-03 18:44 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-06-03 18:44 - 2013-06-03 18:44 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-06-02 22:11 - 2013-06-02 22:11 - 00739856 ____A (Google Inc.) C:\Users\***\AppData\Roaming\chromebrowser.exe
2013-06-02 17:45 - 2013-06-02 17:45 - 00000000 ____D C:\Users\***\AppData\Local\{F97346FD-50D3-451B-96B3-A7E07A8242B9}
2013-06-01 17:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-01 16:26 - 2013-06-01 16:26 - 00000000 ____D C:\Users\***\AppData\Local\{640A1562-578A-4D77-B395-7A0E1494FCDF}
2013-05-31 18:01 - 2013-05-31 18:01 - 00000000 ____D C:\Users\***\AppData\Local\{141F3F79-232B-498B-8C1F-AAC692BA9B47}
2013-05-30 00:32 - 2013-05-30 00:32 - 00000000 ____D C:\Users\***\AppData\Local\{57600DBA-750E-425E-A3E2-CA461078892D}
2013-05-28 01:00 - 2013-05-28 01:00 - 00000000 ____D C:\Users\***\AppData\Local\{2E1D644F-3EB2-4402-AA52-E7F0E4A9DF18}
2013-05-26 18:39 - 2013-05-26 18:39 - 00000000 ____D C:\Users\***\AppData\Local\{14A8E421-720C-497D-A750-4717070BCB02}
2013-05-26 15:59 - 2013-06-12 09:28 - 07791101 ____A (Fohhn Audio AG) C:\Users\Leon2\Documents\Fohhn_Audio_Soft_3.4_Setup.exe
2013-05-25 17:27 - 2013-05-25 17:27 - 00000000 ____D C:\Users\***\AppData\Local\{FEC87DF9-9B9D-4F2C-9EB6-FABAAEE62AF2}
2013-05-24 13:26 - 2013-05-24 13:26 - 00000000 ____D C:\Users\***\AppData\Local\{1E4D6BB6-383B-4987-BE8C-DF74E46ED481}
2013-05-23 13:34 - 2013-05-23 13:34 - 00000000 ____D C:\Users\***\AppData\Local\{2C99FB08-301C-4BAF-B861-66767758EBE4}
2013-05-21 20:28 - 2013-05-21 20:28 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-21 20:28 - 2013-05-21 20:27 - 00000000 ____D C:\Program Files\iTunes
2013-05-21 20:28 - 2013-05-21 20:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-21 20:27 - 2013-05-21 20:27 - 00000000 ____D C:\Program Files\iPod
2013-05-21 18:36 - 2013-05-21 18:35 - 00000000 ____D C:\Users\***\AppData\Local\{A031A9E5-4681-42AE-8FEA-444E97EF7F2A}
2013-05-21 15:31 - 2013-06-03 18:44 - 01447728 ____A C:\Windows\System32\dmwu.exe
2013-05-21 15:30 - 2013-06-03 18:44 - 00033792 ____A (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\Users\***\7z920.exe
C:\Users\***\ccsetup316.exe
C:\Users\***\SkypeSetupFull560110.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 14:05

==================== End Of Log ============================
         

And the Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2013 01
Ran by *** at 2013-06-17 22:49:31 Run:
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (Version: 15.4.5722.2)
???? ??? Windows Live (Version: 15.4.3502.0922)
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (Version: 15.4.5722.2)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUS AI Recovery (Version: 1.0.16)
ASUS FaceLogon (Version: 1.0.0012)
ASUS LifeFrame3 (Version: 3.0.25)
ASUS Live Update (Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.45)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0034)
ASUS USB Charger Plus (Version: 2.0.4)
ASUS Virtual Camera (Version: 1.0.23)
ASUS WebStorage (Version: 3.0.108.222)
ASUS_Screensaver
ASUSDVD (Version: 10.0.3403.52)
AsusVibe2.0 (Version: 2.0.7.142)
Atheros Bluetooth Suite (64) (Version: 7.04.000.98)
ATK Package (Version: 1.0.0014)
Audacity 1.2.6
Avira Free Antivirus (Version: 12.1.9.1236)
Bing Bar (Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.18)
CodeBlocks (Version: 10.05)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
CyberLink LabelPrint (Version: 2.5.3624)
CyberLink Media Suite (Version: 8.0.2926)
CyberLink Power2Go (Version: 7.0.0.1126)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Die Sims™ 3 (Version: 1.47.6)
EPSON SX110 Series Printer Uninstall
ETDWare PS/2-X64 8.0.5.1_WHQL (Version: 8.0.5.1)
Fast Boot (Version: 1.0.10)
FIFA 13 (Version: 1.0.0.0)
Fohhn Audio Soft (Version: 3.4.474.0)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 27.0.1453.110)
Grand Theft Auto IV (Version: 1.0.0013.131)
Grand Theft Auto IV (Version: 1.00.0000)
IB Updater Service (Version: 3.0.5.4)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) Processor Graphics (Version: 8.15.10.2418)
Intel(R) Rapid Storage Technology (Version: 10.1.2.1004)
Intel(R) Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Internet Explorer Toolbar 4.6 by SweetPacks (Version: 4.6.0004)
iTunes (Version: 11.0.3.42)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 33 (Version: 6.0.330)
Junk Mail filter update (Version: 15.4.3502.0922)
League of Legends (Version: 1.3)
Line 6 Uninstaller (Version: )
Live 7.0.10
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notepad++ (Version: 6.2)
Notification Center (Version: 0.7.7.813)
Nuance PDF Reader (Version: 6.00.0041)
NVIDIA 3D Vision Driver 285.64 (Version: 285.64)
NVIDIA Control Panel 285.64 (Version: 285.64)
NVIDIA Graphics Driver 285.64 (Version: 285.64)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA Optimus 1.5.20 (Version: 1.5.20)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8564)
NVIDIA Update Components (Version: 1.5.20)
Oblivion (Version: 1.2.0416)
Opera 11.62 (Version: 11.62.1347)
Opera 12.15 (Version: 12.15.1748)
Origin (Version: 9.0.10.69)
Pando Media Booster (Version: 2.6.0.8)
PhotoScape
PokerStars
PriceGong 2.6.8 (Version: 2.6.8)
Qualcomm Atheros WiFi Driver Installation (Version: 9.2)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6370)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10008)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
RiffWorks T4 (Version: 2.2.1)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
SimCity™ (Version: 1.0.0.0)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.0 (Version: 6.0.126)
Sonic Focus (Version: 1.0.0.4)
Spotify (Version: 0.9.0.133.gd18ed589)
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (Version: 15.4.5722.2)
Steam (Version: 1.0.0.0)
SweetIM for Messenger 3.7 (Version: 3.7.0007)
SweetPacks bundle uninstaller (Version: 1.0.0001)
SYBEX 3D Haus Design Studio
TeamSpeak 3 Client (Version: 3.0.10)
The Elder Scrolls V: Skyrim
TuxGuitar (Version: 1.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Manager for SweetPacks 1.1 (Version: 1.1.0008)
VLC media player 2.0.2 (Version: 2.0.2)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (Version: 01/18/2013 2.08.28)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (Version: 01/18/2013 2.08.28)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.32.0)
Wireless Console 3 (Version: 3.0.24)
Wireless Systems Manager (Version: 3.7.9)
Worms 4 Mayhem (Version: 1.00.0000)

==================== Restore Points  =========================

07-06-2013 20:06:11 Windows Update
12-06-2013 07:32:07 Installed Fohhn Audio Soft.
12-06-2013 09:22:58 Windows Update
12-06-2013 16:08:53 Windows Update
13-06-2013 15:24:03 Windows Update
15-06-2013 22:42:28 Installed 7-Zip 9.20 (x64 edition)
17-06-2013 17:31:36 ComboFix created restore point

==================== Scheduled Tasks (whitelisted) =============

Task: {07078F74-CA74-4A10-86D5-A09B40D0EB99} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {0DD8B921-85B0-4FDA-98BE-1550B290099A} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {175745E1-4FD2-4CED-9960-510DFF6A3678} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1EA7785F-8830-4958-8D32-79EEDB4F7EE7} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-09-20] (ASUSTek Computer Inc.)
Task: {26D6B8C3-297E-4D61-BFDA-DDF7E6F919F0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001Core => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {376DCFC7-95D1-4137-88B8-D79D7FD132D1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1720862353-2960868000-3540233743-1001
Task: {3D1C1007-39E4-49AB-8973-33695AD984FA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe [2009-07-14] (Microsoft Corporation)
Task: {4196A964-3CEE-421A-937D-32DCAE28A575} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4BEDA302-C9D2-42F9-9B30-F762FC02F251} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {4EAA7A52-BE60-473F-BFA9-9561056A00FE} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {52B8EF85-0206-498C-A0C6-A82ED1911C52} - System32\Tasks\{FE857A02-EF50-4D36-BBAC-A04672C2720A} => C:\program files (x86)\opera\opera.exe [2013-04-07] (Opera Software)
Task: {619B8BA6-C46C-45FE-A49C-33228A5DEF5A} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-06-01] (ASUS)
Task: {6847BEF6-3FED-4FEE-B505-602DCC68AE7D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {6B52BF20-ED79-4D88-B8D1-E97905A5CB91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001UA => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {73CA90E6-CBED-4402-80E3-1CEE77F06645} - System32\Tasks\{6ECEEBA6-5FAA-456C-86D9-55229235C3CB} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe [2012-03-31] (Sony DADC Austria AG)
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] ()
Task: {84109A4F-837F-4FD8-8249-D920A16B74A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {982AD80A-821B-4499-B913-6AAA1148435F} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-10-04] (ASUS)
Task: {9FEE4FD4-2DD5-4E79-9678-80C9B44340E3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {A9A5289D-5623-4092-8B36-5ED3C3DD8B0D} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1720862353-2960868000-3540233743-1001 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {BD778D69-DB73-44EB-9F16-2D2451AD19EE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {D016BC8A-39C2-406E-AAC7-9577EBB32044} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-22] (ASUS)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2013 06:40:56 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/17/2013 01:38:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5928

Error: (06/17/2013 01:38:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5928

Error: (06/17/2013 01:38:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2013 01:38:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2824

Error: (06/17/2013 01:38:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2824

Error: (06/17/2013 01:38:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2013 01:24:03 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/16/2013 09:08:17 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/16/2013 03:47:18 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WORMS 4 MAYHEM.EXE, Version: 1.0.0.1, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: WORMS 4 MAYHEM.EXE, Version: 1.0.0.1, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001053
ID des fehlerhaften Prozesses: 0x2d5c
Startzeit der fehlerhaften Anwendung: 0xWORMS 4 MAYHEM.EXE0
Pfad der fehlerhaften Anwendung: WORMS 4 MAYHEM.EXE1
Pfad des fehlerhaften Moduls: WORMS 4 MAYHEM.EXE2
Berichtskennung: WORMS 4 MAYHEM.EXE3


System errors:
=============
Error: (06/17/2013 07:30:23 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/17/2013 06:40:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/17/2013 01:24:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/16/2013 09:08:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/15/2013 11:37:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/15/2013 11:37:24 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (06/15/2013 02:06:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/15/2013 02:06:53 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (06/14/2013 06:13:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: 
%%1064

Error: (06/14/2013 06:12:55 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


Microsoft Office Sessions:
=========================
Error: (06/17/2013 06:40:56 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/17/2013 01:38:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5928

Error: (06/17/2013 01:38:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5928

Error: (06/17/2013 01:38:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2013 01:38:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2824

Error: (06/17/2013 01:38:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2824

Error: (06/17/2013 01:38:02 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2013 01:24:03 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/16/2013 09:08:17 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.SystemException: Cannot create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich beendet
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (06/16/2013 03:47:18 AM) (Source: Application Error)(User: )
Description: WORMS 4 MAYHEM.EXE1.0.0.100000000WORMS 4 MAYHEM.EXE1.0.0.100000000c0000005000010532d5c01ce6a1afd0b4430C:\Program Files (x86)\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXEC:\Program Files (x86)\Codemasters\Worms 4 Mayhem\WORMS 4 MAYHEM.EXEacd87562-d626-11e2-bd1c-5404a6e2b1ad


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 8100.97 MB
Available physical RAM: 5198.92 MB
Total Pagefile: 16200.13 MB
Available Pagefile: 13005.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:300.41 GB) (Free:165.93 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:373.22 GB) (Free:372.95 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 125FC5E1)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Edited by Baseman (17.06.2013 at 22:20)

18.06.2013, 07:01   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

18.06.2013, 14:23   #5
Baseman
 



Ok, here is the combofix:
Code:
ComboFix 13-06-18.02 - *** 18.06.2013  15:05:12.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8101.5689 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\***\7z920.exe
c:\users\***\AppData\Roaming\chromebrowser.exe
c:\users\***\AppData\Roaming\Love
c:\users\***\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
c:\users\***\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
c:\users\***\AppData\Roaming\Love\not_tetris_2\options.txt
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-18 bis 2013-06-18  ))))))))))))))))))))))))))))))
.
.
2013-06-18 13:11 . 2013-06-18 13:11	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-18 13:11 . 2013-06-18 13:11	--------	d-----w-	c:\users\Leon2\AppData\Local\temp
2013-06-18 13:11 . 2013-06-18 13:11	--------	d-----w-	c:\users\Julia\AppData\Local\temp
2013-06-18 13:11 . 2013-06-18 13:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-18 13:08 . 2013-06-18 13:08	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDEB3BC5-E5B2-4458-B53B-088497BA44AC}\offreg.dll
2013-06-18 12:16 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDEB3BC5-E5B2-4458-B53B-088497BA44AC}\mpengine.dll
2013-06-17 20:48 . 2013-06-17 20:48	--------	d-----w-	C:\FRST
2013-06-17 17:04 . 2013-06-17 17:21	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-17 17:04 . 2013-06-17 17:04	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-15 22:37 . 2013-06-17 16:46	--------	d-----w-	c:\users\***\AppData\Roaming\Ozlee
2013-06-15 22:37 . 2013-06-17 12:10	--------	d-----w-	c:\users\***\AppData\Roaming\Waad
2013-06-15 22:37 . 2013-06-15 22:37	--------	d-----w-	c:\users\***\AppData\Roaming\Iqtoa
2013-06-15 22:30 . 2013-06-15 22:30	--------	d-----w-	c:\program files (x86)\GameSpy Arcade
2013-06-15 22:25 . 2013-06-15 22:25	--------	d-----w-	c:\program files (x86)\Codemasters
2013-06-15 22:25 . 2004-07-15 22:20	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2013-06-15 22:25 . 2004-07-15 22:19	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2013-06-15 22:25 . 2004-07-15 22:18	172032	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2013-06-15 22:25 . 2004-07-15 22:20	733184	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2013-06-15 22:25 . 2004-07-15 22:18	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2013-06-15 22:25 . 2013-06-15 22:25	180356	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2013-06-15 22:25 . 2013-06-15 22:25	303236	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2013-06-15 22:16 . 2013-06-16 20:43	--------	d-----w-	c:\users\***\AppData\Roaming\TS3Client
2013-06-15 22:15 . 2013-06-15 22:15	--------	d-----w-	c:\users\***\AppData\Local\TeamSpeak 3 Client
2013-06-12 11:58 . 2013-06-12 11:58	--------	d-----w-	c:\users\Leon2\AppData\Local\Apple
2013-06-12 11:58 . 2013-06-12 11:58	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:57 . 2013-06-12 11:57	--------	d-----w-	c:\users\Leon2\AppData\Local\Apple Computer
2013-06-12 09:30 . 2013-06-15 21:40	--------	d-----w-	c:\users\Leon2\AppData\Roaming\Spotify
2013-06-12 09:30 . 2013-06-15 12:08	--------	d-----w-	c:\users\Leon2\AppData\Local\Spotify
2013-06-12 09:26 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:26 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 09:26 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-12 09:25 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 09:25 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 09:25 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 09:25 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 09:25 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 09:25 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 09:25 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-12 09:25 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-12 09:25 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 09:25 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 09:25 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-12 09:25 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-12 09:07 . 2013-06-12 09:07	--------	d-----w-	c:\users\Leon2\AppData\Local\Fohhn Audio AG
2013-06-12 09:07 . 2013-06-12 09:07	--------	d-----w-	c:\users\Leon2\AppData\Roaming\Fohhn Audio AG
2013-06-12 07:32 . 2013-06-12 07:32	--------	d-----w-	c:\program files\DIFX
2013-06-12 07:32 . 2013-06-12 07:32	--------	d-----w-	c:\program files (x86)\Fohhn Audio AG
2013-06-12 07:29 . 2013-06-12 07:29	--------	d-----w-	c:\programdata\Sennheiser
2013-06-12 07:29 . 2013-06-12 07:29	--------	d-----w-	c:\windows\Wireless Systems Manager
2013-06-12 07:29 . 2013-06-12 07:29	--------	d-----w-	c:\program files (x86)\Sennheiser
2013-06-12 07:28 . 2013-06-12 07:28	--------	d-----w-	c:\users\Leon2\AppData\Roaming\ASUS WebStorage
2013-06-03 16:44 . 2013-06-03 16:44	--------	d-----w-	c:\windows\SysWow64\jmdp
2013-06-03 16:44 . 2013-06-03 16:44	--------	d-----w-	c:\windows\SysWow64\ARFC
2013-06-03 16:44 . 2013-06-11 18:37	--------	d-----w-	c:\windows\SysWow64\WNLT
2013-06-03 16:44 . 2013-05-21 13:31	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-06-03 16:44 . 2013-05-21 13:30	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-06-02 20:11 . 2013-06-17 17:09	--------	d-sh--r-	c:\users\***\AppData\Roaming\Untrup
2013-05-21 18:27 . 2013-05-21 18:28	--------	d-----w-	c:\program files\iTunes
2013-05-21 18:27 . 2013-05-21 18:28	--------	d-----w-	c:\program files (x86)\iTunes
2013-05-21 18:27 . 2013-05-21 18:27	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 12:58 . 2012-01-04 14:17	45056	----a-w-	c:\windows\SysWow64\acovcnt.exe
2013-06-12 16:09 . 2012-01-21 17:53	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 20:53 . 2012-08-16 21:51	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 20:53 . 2012-01-30 12:42	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:25 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-05 00:39 . 2013-05-04 23:43	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-05-05 00:39 . 2013-05-04 23:43	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-05-04 23:43 . 2013-05-04 23:43	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-05-04 23:43 . 2013-05-04 23:43	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-05-02 00:06 . 2012-02-17 19:43	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:39	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:39	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:39	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:39	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:39	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:39	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 19:11	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 20:39	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 20:39	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 20:39	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-10-21 07:39	450472	----a-w-	c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-14 3093624]
"Spotify Web Helper"="c:\users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-15 1104896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-06 75048]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-10-25 593784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\users\Leon2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-19 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/04 06:19;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX64.sys;c:\windows\SYSNATIVE\Drivers\L6GX64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 20:53]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 19:55]
.
2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 19:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-12 2213992]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-01 981664]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-01 799904]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: DhcpNameServer = 217.237.150.51 217.237.148.22
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Age of Empires - c:\program files (x86)\Microsoft Games\Age of Empires\Uninstal.exe
AddRemove-Age of Empires 2.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1720862353-2960868000-3540233743-1001\Software\SecuROM\License information*]
"datasecu"=hex:85,06,ad,49,69,1e,03,45,c2,84,30,3b,2a,9c,93,47,0b,9a,4a,67,d6,
   2d,0b,48,a2,bf,c1,5b,47,02,d9,cf,6a,70,e5,87,fc,8f,0b,eb,b6,02,98,f5,32,fe,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-18  15:13:00
ComboFix-quarantined-files.txt  2013-06-18 13:13
.
Vor Suchlauf: 12 Verzeichnis(se), 177.942.216.704 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 177.579.393.024 Bytes frei
.
- - End Of File - - 4768F3331BDD65413E541F9873AE8E73
D41D8CD98F00B204E9800998ECF8427E
         


18.06.2013, 18:24   #6
schrauber
/// the machine
/// TB-Ausbilder

Hi,

Combofix script
WARNING for READERS FOLLOWING ALONG:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (nowhere else, this is important)!
  • Press Windows + R --> type notepad --> OK
  • Now copy the complete text from the following code box into the empty text document.
    Code:
    ATTFilter
    Folder::
    c:\users\***\AppData\Roaming\Ozlee
    c:\users\***\AppData\Roaming\Waad
    c:\users\***\AppData\Roaming\Iqtoa
             
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Don't do anything on the computer, don't move the mouse over the ComboFix window and don't click in it. This can cause ComboFix to hang.
  • When ComboFix is finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags using the # button of the editor).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after Combofix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

and a fresh FRST log file. Any remaining problems?

18.06.2013, 22:09   #7
Baseman

Hey,
the Combofix upload should have worked; at least there were no error messages.
Here is the ComboFix log:
Code:
ATTFilter
ComboFix 13-06-18.02 - *** 18.06.2013  20:16:35.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8101.5489 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\Iqtoa
c:\users\***\AppData\Roaming\Iqtoa\irnou.gay
c:\users\***\AppData\Roaming\Ozlee
c:\users\***\AppData\Roaming\Waad
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-18 bis 2013-06-18  ))))))))))))))))))))))))))))))
.
.
2013-06-18 18:20 . 2013-06-18 18:20	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-06-18 18:20 . 2013-06-18 18:20	--------	d-----w-	c:\users\Leon2\AppData\Local\temp
2013-06-18 18:20 . 2013-06-18 18:20	--------	d-----w-	c:\users\Julia\AppData\Local\temp
2013-06-18 18:20 . 2013-06-18 18:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-18 13:08 . 2013-06-18 13:08	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDEB3BC5-E5B2-4458-B53B-088497BA44AC}\offreg.dll
2013-06-18 12:16 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDEB3BC5-E5B2-4458-B53B-088497BA44AC}\mpengine.dll
2013-06-17 20:48 . 2013-06-17 20:48	--------	d-----w-	C:\FRST
2013-06-17 17:04 . 2013-06-17 17:21	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-17 17:04 . 2013-06-17 17:04	--------	d-----w-	c:\programdata\Malwarebytes
2013-06-15 22:30 . 2013-06-15 22:30	--------	d-----w-	c:\program files (x86)\GameSpy Arcade
2013-06-15 22:25 . 2013-06-15 22:25	--------	d-----w-	c:\program files (x86)\Codemasters
2013-06-15 22:25 . 2004-07-15 22:20	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2013-06-15 22:25 . 2004-07-15 22:19	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2013-06-15 22:25 . 2004-07-15 22:18	172032	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2013-06-15 22:25 . 2004-07-15 22:20	733184	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2013-06-15 22:25 . 2004-07-15 22:18	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2013-06-15 22:25 . 2013-06-15 22:25	180356	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2013-06-15 22:25 . 2013-06-15 22:25	303236	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2013-06-15 22:16 . 2013-06-16 20:43	--------	d-----w-	c:\users\***\AppData\Roaming\TS3Client
2013-06-15 22:15 . 2013-06-15 22:15	--------	d-----w-	c:\users\***\AppData\Local\TeamSpeak 3 Client
2013-06-12 11:58 . 2013-06-12 11:58	--------	d-----w-	c:\users\Leon2\AppData\Local\Apple
2013-06-12 11:58 . 2013-06-12 11:58	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:57 . 2013-06-12 11:57	--------	d-----w-	c:\users\Leon2\AppData\Local\Apple Computer
2013-06-12 09:30 . 2013-06-15 21:40	--------	d-----w-	c:\users\Leon2\AppData\Roaming\Spotify
2013-06-12 09:30 . 2013-06-15 12:08	--------	d-----w-	c:\users\Leon2\AppData\Local\Spotify
2013-06-12 09:26 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:26 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 09:26 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-12 09:25 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 09:25 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 09:25 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 09:25 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 09:25 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 09:25 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 09:25 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-06-12 09:25 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-12 09:25 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 09:25 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 09:25 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-12 09:25 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-06-12 09:07 . 2013-06-12 09:07	--------	d-----w-	c:\users\Leon2\AppData\Local\Fohhn Audio AG
2013-06-12 09:07 . 2013-06-12 09:07	--------	d-----w-	c:\users\Leon2\AppData\Roaming\Fohhn Audio AG
2013-06-12 07:32 . 2013-06-12 07:32	--------	d-----w-	c:\program files\DIFX
2013-06-12 07:32 . 2013-06-12 07:32	--------	d-----w-	c:\program files (x86)\Fohhn Audio AG
2013-06-12 07:29 . 2013-06-12 07:29	--------	d-----w-	c:\programdata\Sennheiser
2013-06-12 07:29 . 2013-06-12 07:29	--------	d-----w-	c:\windows\Wireless Systems Manager
2013-06-12 07:29 . 2013-06-12 07:29	--------	d-----w-	c:\program files (x86)\Sennheiser
2013-06-12 07:28 . 2013-06-12 07:28	--------	d-----w-	c:\users\Leon2\AppData\Roaming\ASUS WebStorage
2013-06-03 16:44 . 2013-06-03 16:44	--------	d-----w-	c:\windows\SysWow64\jmdp
2013-06-03 16:44 . 2013-06-03 16:44	--------	d-----w-	c:\windows\SysWow64\ARFC
2013-06-03 16:44 . 2013-06-11 18:37	--------	d-----w-	c:\windows\SysWow64\WNLT
2013-06-03 16:44 . 2013-05-21 13:31	1447728	----a-w-	c:\windows\system32\dmwu.exe
2013-06-03 16:44 . 2013-05-21 13:30	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-06-02 20:11 . 2013-06-17 17:09	--------	d-sh--r-	c:\users\***\AppData\Roaming\Untrup
2013-05-21 18:27 . 2013-05-21 18:28	--------	d-----w-	c:\program files\iTunes
2013-05-21 18:27 . 2013-05-21 18:28	--------	d-----w-	c:\program files (x86)\iTunes
2013-05-21 18:27 . 2013-05-21 18:27	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 12:58 . 2012-01-04 14:17	45056	----a-w-	c:\windows\SysWow64\acovcnt.exe
2013-06-12 16:09 . 2012-01-21 17:53	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-11 20:53 . 2012-08-16 21:51	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 20:53 . 2012-01-30 12:42	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:25 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-05 00:39 . 2013-05-04 23:43	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-05-05 00:39 . 2013-05-04 23:43	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-05-04 23:43 . 2013-05-04 23:43	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-05-04 23:43 . 2013-05-04 23:43	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-05-02 00:06 . 2012-02-17 19:43	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 20:39	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 20:39	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 20:39	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 20:39	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 20:39	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 20:39	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 19:11	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 20:39	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 20:39	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 20:39	3153920	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-10-21 07:39	450472	----a-w-	c:\program files (x86)\PriceGong\2.6.8\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03	1310040	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-14 3093624]
"Spotify Web Helper"="c:\users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-15 1104896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-10-19 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-06 75048]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-10-25 593784]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
c:\users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\users\Leon2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-10-19 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/01/04 06:19;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX64.sys;c:\windows\SYSNATIVE\Drivers\L6GX64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 20:53]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 19:55]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1720862353-2960868000-3540233743-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 19:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-12 2213992]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-01 981664]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-01 799904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: DhcpNameServer = 217.237.150.51 217.237.148.22
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Age of Empires - c:\program files (x86)\Microsoft Games\Age of Empires\Uninstal.exe
AddRemove-Age of Empires 2.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\program files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1720862353-2960868000-3540233743-1001\Software\SecuROM\License information*]
"datasecu"=hex:85,06,ad,49,69,1e,03,45,c2,84,30,3b,2a,9c,93,47,0b,9a,4a,67,d6,
   2d,0b,48,a2,bf,c1,5b,47,02,d9,cf,6a,70,e5,87,fc,8f,0b,eb,b6,02,98,f5,32,fe,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-18  20:21:20
ComboFix-quarantined-files.txt  2013-06-18 18:21
ComboFix2.txt  2013-06-18 13:13
.
Vor Suchlauf: 18 Verzeichnis(se), 177.789.513.728 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 177.715.372.032 Bytes frei
.
- - End Of File - - 50553AC3F24EE29602221A173AC4CDCC
D41D8CD98F00B204E9800998ECF8427E
         
AdwCleaner:
Code:
# AdwCleaner v2.303 - Datei am 18/06/2013 um 20:30:37 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : IBUpdaterService

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\PriceGong
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Leon2\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Leon2\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\237AA359BFA99C94484AF769ACA080AD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\237AA359BFA99C94484AF769ACA080AD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.15.1748.0

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Julia\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Leon2\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7537 octets] - [18/06/2013 20:30:37]

########## EOF - C:\AdwCleaner[S1].txt - [7597 octets] ##########
         
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 18.06.2013 at 20:38:31,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-967FFF60.pf



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{49FB0EF4-C91A-483E-B4C1-296A48F6E198}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4A651098-6E32-49CF-ACBD-640EBACEE5E1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4C243DA1-A9AA-484C-9124-F7EBF1F3CF5B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4CCB356B-A8FC-47A9-89AE-2E266BF066AB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4CFE9BF1-8661-4CEF-8194-9F355D12830A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4E77CE50-3E33-4929-AA22-5D84A76F53AE}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4E7ED03C-43A9-4BCA-A87B-1DF72F9D226D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{501DD4D8-3A94-4FE3-A020-709836075426}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{512CAD7E-26DF-4C11-B752-42A277C8695E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{513AA635-1774-49A5-9CF9-0C46EC0E4C3D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{516B4389-EA4C-4F56-9793-067E955274E1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5198FDAB-38B8-4FBA-8B08-D68714F55A29}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{52483F7F-6F5E-4F40-9073-0E71896EC097}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{52EE5821-5060-49E0-AA2D-21126D7D66C6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5337D30E-32F4-470E-A97D-9B581CC4FE70}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{536CE088-632F-4FF5-BE7B-AAD2F08D1B4E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{53E34E82-40CC-43AE-9125-D656387D29F3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{547D4509-A3C0-4402-8E1A-36A0133CCA8B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{54BCC9BF-E85F-4430-8AD6-BC6A3C32E6BA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{553EBC15-88AE-4566-AEAB-3F41A4481B0A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{56A1C00E-4DAC-4787-B525-0442C0A334A3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{56F408A2-13CD-4D8A-AFB9-95F32F3B5883}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{57600DBA-750E-425E-A3E2-CA461078892D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{57F5417D-A2F1-4BD2-AF7A-E2B247796513}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{58157B80-45FE-4451-BC5D-EAF0D7BC2D67}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{587A4A0D-F962-42D1-BE83-5082A37631DC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{599B618B-0B88-4259-BD3A-EE339E38948B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{59F8776F-40D3-4233-ACFD-98D178B93E1E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5AFB6826-4862-4513-8BCF-F1D546FE8343}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5B669876-23E3-4895-A6E2-3D21A295144F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5C775E3A-E998-472B-B382-F39AF2180C6C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5CEED614-5AFB-4AF9-816E-E17FE8A8E7C8}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5CF320B4-A428-4E61-8BBE-AE77EEFB5DC5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5DB025B5-F17D-46A1-A18A-A1F62EB6DE32}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5F78D74F-B236-4088-89B6-B8ACCEFEE006}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5F80B70A-56EA-4367-88A0-BD1F27AC30BA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{61DEBF63-C455-485D-88F7-6B22ABE991AF}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{62847A29-6EED-4DEB-A05D-4B0542D8C198}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{629EEA84-54D9-4B53-9CDD-F8FEB4B4B817}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6317E759-A7F1-49C0-8069-B2CA427959FC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{63767D27-9C25-4513-B19A-1FDE8AEDDAF3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{63AF8F0F-0079-4CB2-83D0-B67F7FADD5DC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{640A1562-578A-4D77-B395-7A0E1494FCDF}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6415FE0D-7994-4407-8E55-1BCF557747BE}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{65316E20-7931-4414-AE62-50D4B05EF123}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{65AE260B-9E4A-49B6-82DB-FD2D548A5449}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{65C18CCB-0761-4D12-B8B6-D5A149FEB864}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6609085D-2672-4E20-A95F-87FBE50DDEC5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{664030A4-FF35-4AF6-BCF7-7BADAF93D1B1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{67B1D649-F33B-4826-BDF2-D2F03C4F34F2}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{68626A90-E7F3-4E77-AF7B-180A4CBE776A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{68C324BB-D9A9-4BCE-8B9A-CA860B3249B4}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{695E1088-713E-4AA0-9955-A8E9FAAD08F0}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{69D9965C-8D06-47C4-9027-DA2AAD0C7482}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6A44D7F6-84B9-4CF0-A6E4-732AB7D42D0E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6ABA63A5-37EA-4BC5-819B-4883BBD66885}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6B3A58FA-8385-4DCD-8880-61F08C2C9E57}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6B452F9F-A85B-46FC-9785-3DBE0A853F90}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6B51EC46-C5BF-4A6A-A45A-1BB88D054A08}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6C5B45D1-3049-4504-8C49-1507B6F52618}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6D2758F4-336A-42CB-AABA-FB29CE4FD85E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6D77623B-2D90-44E6-82D3-990EC921BE5E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6DBEBEE0-77F6-4940-96AF-444352F07A3D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6EE2B6C4-4685-486B-AC18-3B1C3B27B10F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{70690511-847E-4A1B-8FAA-8E7D55B5C94F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{715330F7-4099-45E9-ABB6-4D8E5755309B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{73507B85-2830-455B-B2DF-A168FC970F94}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{741F427F-B15A-4385-B261-AA4071130489}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{753219CD-1158-4EE0-AED8-D8B7D309C78F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{75DF81D0-B0BE-4B98-AA29-6C66E2B002FE}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7613AC0B-6B03-4B32-BE0E-777C8B502370}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{761FA855-8FB2-43C5-9511-1DF717830337}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{76512798-CBB9-4666-951D-6DF69C1606EA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{772F729A-C197-4EDB-82A2-E8BFA592176E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7779558C-87ED-4A32-AA10-BDB0EDE7A147}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7907D06B-0A58-4FB8-81A6-902999BA87DF}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{79287108-86BD-4613-AEEC-E399D8EEF8A9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7939D723-32E0-47B4-BD25-1287CBC61326}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{79F3A7E2-58B8-40F0-B71F-66495438454F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7A4324BF-F66A-48CA-A2F6-84E4C31E3A4B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7AAC7E56-0947-4537-9DB5-9A610A2C1ACA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7BF4226C-0366-42AD-BF59-F546E7846E5A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7CC0EA6C-6DE3-4E0F-BD40-84B33699BE60}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7D36EEC3-FDE1-4707-9FF0-EC2AAFFDFEAD}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7D6F2728-F314-4558-B065-2EF5CCB90CBC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7DBC7AFE-83D8-45FB-9402-C51C0BC54C70}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7F0D0A07-37A2-4E75-80C8-8B6160EE2D0A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7F2F463F-1373-4863-B153-92EB6484CB23}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{7F797074-AC3A-4B20-BA79-A9F7B9B85428}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{80301760-FE2A-445D-96AD-6C5E7BE5C6E8}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{80D3A3D1-80F8-4599-8A08-CDBEF62066E1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{813A5860-B835-401A-8068-DA2D683AAAB6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{81E4BCCD-697B-48C4-B8A0-0462BA92C299}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{82005481-AACB-4EF9-AF0C-EAA139F5C75E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{83C587B7-48E4-450E-98D7-551F77BB6A6E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{83DD189E-7420-4B5A-B5EE-F71E786C1AAA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{84A78980-38D9-4F33-8391-76E54297BD9A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{84CFF972-7A31-4BB5-A533-4C873CEF9762}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{85C566CD-3978-4EBD-A0BD-4A5BA6702F1C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{86EC0A5D-4842-4C28-A9EE-DF54004C718A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{88F97A33-B3ED-4DB8-8895-747F0FF64016}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8A892463-0224-46A5-A1C6-E4BADE08F32D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8AA65510-BC26-4B0D-A1BD-F00435B93D59}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8AF82503-4F84-48AD-87A4-C5BC7AF25AF5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8B3C3ABC-4431-4D2B-B423-9355AA912ED9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8B73F5A0-7A8F-4028-A247-1343E7CEEBA6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8BF57CB4-D247-4395-A28E-8EC67E39B8B4}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8C2D245E-5D25-4E5B-AB7A-84965D13762E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8C6E50BA-2636-453B-9FCB-073C96ABAFC6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8C9FE12F-6376-44EC-861C-7FA57CA059DB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8CF4D95B-1934-4B23-A046-4CE0FA0570AE}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8DA92D85-FDBA-410D-BBEC-BCB9F6D748E6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8DDBC3FD-3943-4D9F-9F2A-C29CBC1A00DB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8E201999-07D7-44FD-9E67-200BBCACF369}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8EA9BD53-E442-4AC8-9459-1AADB347393E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8F11E1DD-6634-412A-A55F-B6EAB723DBBD}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8F9B8B05-641B-42E5-A919-1529E758C49C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{90826709-BE97-4F9B-A902-8D5861E537CE}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{91D182AA-1088-476B-8081-E2C3F845EF5B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{92682BD8-9926-449C-81D3-B57EBE34D43C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{92EC42CC-2E3B-46F9-A518-CF4CEFB32428}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{93398AB4-6949-4C53-BFAB-AA21776E46B0}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{93409043-3102-4C4F-9B8D-DD745C9AA92C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{95630790-5311-4290-9861-13E2442C56CB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{959A5865-D620-4A9F-9D52-6CAEB917228A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{97408A70-BEEA-4E68-80C6-F1001940F43D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{97DBB284-95D1-4895-A281-10BA8C687837}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{97F45EB2-BAF6-4D57-A80B-5F1F20918B7F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{98408ED9-B01F-4C3C-8CA4-75CAF333E036}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{989B30A4-6E43-4B0D-AF0B-13222C4DD1EC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{98A945E9-6441-4A86-A1D3-AC285DCA2F86}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{99FE61C9-146F-42E1-8791-ED842854F67C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9A4FB9BD-A7DD-41E2-838B-E60B0CFBF085}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9ADBFB13-AC1B-4F1D-A33C-A9E76D030239}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9C3F24B2-4B36-475A-8DA3-CABCD97257C7}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9C4474D0-2469-41CD-9734-019F1CE0D878}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9C524C47-83B6-4B0E-A0E0-574116502C4E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9C78838D-E8DD-4514-A5B4-256916F4E751}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9CDF4E64-4BC4-4637-B215-DDBD74F99B9D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9D501B3F-E7DC-4DE7-B848-634F47525072}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9ED61555-457C-46B9-BE81-B510FF257104}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9F75119B-1700-4762-986B-D1B87AAF03C7}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A031A9E5-4681-42AE-8FEA-444E97EF7F2A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A08F9D87-B121-494B-A4DB-DA191F2FF9BB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A38008C2-6744-435E-836E-777F7C2D236C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A3B3F8BB-759B-4386-A035-E46BB166B37E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A4527860-3D84-4124-8A75-F02B867407DD}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A6B8756B-2BD1-4C7D-A66E-8EEC89B3011B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A735BEAA-3A29-44EA-B3A8-89EC5F5BB886}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A85D6CDB-CC04-472A-9D22-C615181EAF5C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A8D07742-5065-4BB0-8790-3D13A280F242}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A9664D8E-1F56-4359-9C77-1AE20227B01D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AB048E55-9403-47E8-8FEB-AB210E977C8B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AC0432FA-52A7-41BB-B891-A51DC22CF432}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AE4E6357-2CF0-4321-AA9B-E26BC131C75E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AEB12195-1989-4AFE-A137-E8C6FF3E9F95}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AEDD3C8D-E0C6-450D-885F-7176D8C5365A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AF093B0B-B99D-4183-B3E0-1BC8D4C86282}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AF0CC306-41B5-4701-A8D2-4A2BB7B03336}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{AFCD3A45-9CB1-4710-BCCC-91D22DE07349}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B13C512C-27B9-4F4F-8A3F-431ADEFE755D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B1FAF0DE-3B2D-4FB2-8854-C1CD3F70C596}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B381AB1E-1148-4BAA-B7D2-288530DA3E83}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B4696824-7BF2-4F5A-B7FA-105A358A879E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B75D5E31-7928-43C4-8A48-04161F3218B6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B7BA758C-CBCA-4D20-BB7B-47A22DD5AB09}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B7D07334-25C0-4AA8-BC2F-11A0D77318D4}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B843B813-2E75-4FE9-A5E3-6A5C6777AFD1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B8B91340-C00D-4CF4-86A3-2FC7597FC393}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B92D720C-78DB-4E0E-95E0-8CFAC803558D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BAAFB2C3-C26A-4C77-B6AD-DB224A60011C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BAE2E423-DE9A-4F32-B7D8-628B4D232602}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BC124A8B-85B5-40D4-A485-7223314836B1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BC7A2987-A70C-4826-83B8-92FE64C38776}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BDF4DC22-10EF-4610-B035-7706F7153C54}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BE68021F-362C-4FF0-9F36-A500F72A0CA8}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C08205A3-96E7-4026-8A3B-D0EEEFA60AF1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C18E24A6-F646-4294-B172-6D8E350D745E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C41D3161-92F7-4ED2-B0DD-242DDC7381F9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C444F5F4-90CA-457D-8AD7-AC73F679857C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C482A7D5-E9CB-4311-A1A3-212D96DD188F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C4FA7FED-8621-4917-A5DD-69A23E9E6291}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C87A44D8-B18F-4D01-815C-2F56FB308882}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C9F7EFFF-23CF-4710-A3CF-F2D07FD969C7}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CA05F892-A92D-422E-A36A-885054E9DF5B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CA839E2A-E683-49D7-A7E0-DB8C172D186E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CB2E54B4-3FB3-4C0A-9DE9-D687BE992E29}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CB36FE92-C907-4EC5-8458-3FB520BBEC4B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CBBC8029-75D9-49B5-A139-ABCFF38EA5E3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CBF23883-D5B2-40BB-8C37-3354E59C89C4}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CC8676C7-1C77-470D-B991-38FF67471E32}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CD13AD99-0239-415E-ABEB-B1B7F41AAC82}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CD72EE1D-3573-41F9-AA36-6C48CF973136}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CDEC6D27-BEE6-4D8F-A30D-8D99D9FE2142}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CE1E6FD8-DAE8-4F3B-B079-4FCC1BB3F4B6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CECBF1AD-359C-49BF-A96E-937121D25C93}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D1500081-3014-40A2-8FF2-E4E36767F83C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D181A5F6-4559-4618-94BC-A91AEFA073DC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D23DCD54-2555-4982-90FC-1FF644D95020}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D2FE34C1-8E92-41B2-8423-69AF822B56FC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D496376E-35AD-4BBD-AFCF-FD73B152A250}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D49C71BA-11DA-4803-B3E9-8D64E103D62B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D5DF9BEB-AA17-4127-A395-7826262604CC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D67056C3-65F3-42A7-A4E6-1E5D581639C7}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D697BA05-A08E-4C55-BA25-89D79294BCC4}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D6C6346A-A5A4-4CD3-B34E-ACDC3A50B106}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D6C84247-474F-4B62-AC72-F4441D86E4A9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D7662279-8058-4239-BC30-5400AA76D261}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D7823C6F-F805-41D8-BFA5-DDBFF151C781}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D8110933-9C10-4A88-A3B7-E16FD995DE1F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D8FD447F-421D-45B9-9E8E-2D773547686F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D91EE55D-CD14-4CF2-B4AC-3F9B213F612B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DAB9217E-7F66-48DA-95E9-4AECBA8EE354}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DACDF431-A162-4406-AF98-35DA6332A8BD}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DB2CA3D0-0BB4-4CEF-B1D4-0924A0ED865E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DB8F23DA-AEA8-49F2-A89D-1B11C987BF47}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DBEECC41-E5D7-43A1-B7C2-BD3D75488D09}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DBF4479C-67DD-45AC-9E5C-0716E61001BF}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DC90080C-D1A6-4AEE-8EB8-F8E91CD8F034}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DD024BF2-A81C-400B-B0B8-7BDDE5B2C40A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DD0E81B3-97B9-4396-AE23-7F1A77A5DDBC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DD4F2CBD-E1B2-4092-80A4-36E47EA1EB5F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DD5E71E7-8241-40EA-8422-FF7DA19AD6E5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DDE4A57E-C90B-44A7-A2B6-BB3DCFBCF446}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DED7A7D5-DD06-4A7D-9FD8-0162483B8F46}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DF87CDB2-BEEC-4465-9EA8-8D760AAE4E37}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E0FE9BB1-CB57-408E-9D65-73ACBF5DA636}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E19ACF79-92FB-45C6-AC85-6F55B2E8194B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E1DA9880-13ED-4A9B-9927-EE171E08220C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E2015EEA-F3DD-4C04-BB7C-7BBD2789E8E5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E288F2D0-31F3-4F4E-A2E0-5CA24F3733EC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E2F15AD9-A99F-4703-B6CD-14183F76DB0F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E31C303A-10FD-409D-97E3-B76FDDE496F9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E3C1F8C6-42DE-4F13-ABA5-1F6CC8D9AA02}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E47434FE-868E-4845-BF65-5E79216C0BBA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E59F56B1-E5F9-4A2B-91DF-E8E757BBCCA6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E6A94591-2F96-4043-9C44-EE53E865F01F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E7473DED-6AB0-4916-940E-BF1AFE685941}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E7E60150-43D7-499A-9412-FAD66AC6285B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E816C5A4-53D4-424E-8271-1B7609FD3FF8}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E8EEDF17-27F4-4FB3-A610-959FCE16D65C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E969F3E7-FC7E-4DAF-BD7C-B5C6B32F5C9A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{E9AA284B-6FA9-414A-BE82-40825A50C95C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{EBC62839-8151-4188-95C3-B52577FB8B49}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{EBF54ADE-EBF5-4695-888C-32A0BC99B923}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{EC7470D7-D35F-4F85-AD58-C3B0662658DB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{ECF8C48C-82DD-4B49-8BA5-57D07C025AAC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{ED75E537-0669-4611-AEAC-96EFAF6EB145}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F017C7CD-09F1-4B9D-A53E-CE8CCCD67E62}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F0450044-0ADA-4A0B-9467-D42E23DCDA35}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F137B23D-F362-4B34-901F-281F03AE2973}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F1D460ED-E3AB-4376-A4B4-AE4FB58AE6A2}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F1E8DAC4-5AFE-41ED-B1E6-62C762FCD928}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F206DCCE-9506-45F0-9708-C2F97C625411}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F25396A1-91F2-4D3F-A090-DC473BA2D719}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F2BB95D3-FB44-4B30-B667-0EA58CA91CB2}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F4347CDC-9EB9-412D-B89D-EA53603BEF6A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F45AF37E-9545-4DE5-B948-A09C5803FE17}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F52FB57B-10B2-4593-B8D5-15301B70A67C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F5333FFD-4DF5-476A-9CA0-2E0C4282B3DF}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F5403DE2-89E7-4ADF-A479-A19178D9F70E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F57A6F1E-1262-490C-83DB-0EC9E59559C0}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F5DC4DFC-E24E-4FAC-ABFF-9B98C0252EC1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F5E14A30-174C-410B-8BC9-53B5CE30FB4D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F5FC25F5-2352-4BA0-83EA-479088DE360A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F74B2742-216A-44E1-98EF-89D7252DF381}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F7AD2706-A520-47FA-8492-A0DD0DC4343A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F8500DB2-1BB0-4434-BB0A-3580B836C242}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F97346FD-50D3-451B-96B3-A7E07A8242B9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F986186C-0850-4248-B774-A755EA0024BC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FBFE9C84-339B-4F16-A33B-9F00408AED23}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FC16FBB3-462A-4D50-A0B6-88A418330446}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FC29F214-A87E-45B3-9A67-21F8596D93CE}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FC9FD8BE-5558-4F51-8DAB-A4D4219E8A6D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FCBEEED9-2BFB-4C3B-834E-CD511DFF5023}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FDF79E26-92D6-4206-A469-B905B95A95C2}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FE323183-CF10-4FA5-92E4-C644932ED8D5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FE850BDF-4F10-40D9-8F0F-FF41D97A509C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FEC87DF9-9B9D-4F2C-9EB6-FABAAEE62AF2}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FFC7BF6A-249D-49CD-8713-EF57814AAA60}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\***\appdata\local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Successfully deleted: [Folder] C:\Users\***\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.06.2013 at 20:41:13,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=43e7409d4e8c864bafd47e5adb0fccb4
# engine=14105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-18 08:33:45
# local_time=2013-06-18 10:33:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 29972 117354508 22760 0
# compatibility_mode=5893 16776573 100 94 6684 123217475 0 0
# scanned=242221
# found=4
# cleaned=0
# scan_time=4530
sh=62EA658CECDDB6D64A31898F45D5F72609F2EEF2 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\Leon2\AppData\Local\Opera\Opera\cache\g_0012\opr001UU.tmp"
sh=6B5AFE751E6C746E19EA8485131130BC13A3BDBD ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OPD trojan" ac=I fn="C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\9b88ee6-1d0236a8"
sh=6B5AFE751E6C746E19EA8485131130BC13A3BDBD ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OPD trojan" ac=I fn="C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\36bd492d-54f3c632"
sh=680D2CAC1B08CF11696B9319537419FA0D86D221 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OLC trojan" ac=I fn="C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\3f678c7a-4a54c0b4"
         
SecurityCheck apparently doesn't work:
Code:
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
And the new FRST log file. I had to download it again, though, because the old one no longer worked.

Regards
Baseman

19.06.2013, 08:17   #8
schrauber
/// the machine
/// TB-Ausbilder

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

19.06.2013, 17:05   #9
Baseman

OK, I've done that. Do I need to do anything else?

19.06.2013, 19:47   #10
schrauber
/// the machine
/// TB-Ausbilder

Done

The order is crucial here.
  1. If Defogger was used: run Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the checkbox in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber


20.06.2013, 21:43   #11
Baseman

All done. Thank you very much!

21.06.2013, 09:07   #12
schrauber
/// the machine
/// TB-Ausbilder

You're welcome
__________________
Regards,
schrauber
