| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: erneuter GVU Angriff!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.06.2013, 21:33
| #1 |
| |  erneuter GVU Angriff! Hallo zusammen, ich bin neu hier und hoffe hier Hilfe zu bekommen. Ich hatte vor ca. 1 Jahr schonmal einen GVU Trojaner, welchen ich mit dem Abgesicherten Modus und Wiederherstellung irgendwie los wurde?!. Jetzt hatte ich leider erneut das Problem, diesmal sogar mit Bild von meiner Webcam und alles. Auf den Abgesicherten Modus bin ich erst garnicht hingekommen, er ist dann immer wieder gleich runtergefahren. Mit Eingabeaufforderung ging es dann doch und ich konnte mit dem Kürzel die Wiederherstellung erreichen, was aber überhaupt nichts gebracht hat. Immer noch das blöde GVU Bild. Dann hab ich nach Anleitung von chip.de via eines zweiten PCs die Windowsunlocker Version von Kaspersky runtergeladen und konnte es so nach dieser Anleitung schaffen, dass ich das GVU autorun Bild nach hochfahren löschen konnte. Ich befürchte nur diesmal das mein System leider immer noch belastet ist und möchte das ungern nochmal durchmachen. Somal der GVU Trojaner scheinbar immer komplexer wird. Deshalb bitte ich um Hilfe um mein System sauber zu bekommen. Danke. Lg Patros1001 PS: Die Log Dateien Folgen. |
|
21.06.2013, 21:42
| #2 |
| /// TB-Ausbilder   | erneuter GVU Angriff! Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Poste alle Logdateien, die du zur Verfügung hast. Danach sehen wir weiter.  |
|
21.06.2013, 22:53
| #3 |
| | erneuter GVU Angriff! Hallo Matthias,
__________________danke das du dich meinem Problem annimmst! Gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-21 22:57:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400BEVT-80A0RT0 rev.01.01A01 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Basti\AppData\Local\Temp\pgloqpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002ff3000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002ff302f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075ef1465 2 bytes [EF, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075ef14bb 2 bytes [EF, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ef1465 2 bytes [EF, 75]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ef14bb 2 bytes [EF, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007749000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007751f85a 5 bytes JMP 00000001774cd571
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ef1465 2 bytes [EF, 75]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ef14bb 2 bytes [EF, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ef1465 2 bytes [EF, 75]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ef14bb 2 bytes [EF, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2008:4028] 000007feeea29688
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows Live\Companion\sebafried91@yahoo.de@5b0c6e22da15cbf1c6ec4fda9acf8021\r\n 0x65 0x9D 0x2B 0x0F ...
---- EOF - GMER 2.1 ----
otl: Code:
ATTFilter OTL logfile created on: 21.06.2013 22:58:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,64% Memory free 7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 69,84 Gb Free Space | 46,86% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 346,38 Gb Free Space | 81,01% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe PRC - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.05.03 14:24:46 | 000,755,080 | ---- | M] (Samsung) -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe PRC - [2013.04.23 06:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013.04.06 12:29:45 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.08.08 21:52:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2013.06.12 21:10:17 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.05.15 22:19:11 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013.05.15 22:18:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013.05.15 22:18:42 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll MOD - [2013.05.15 22:18:33 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013.05.15 22:18:29 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013.02.16 16:16:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.01.10 14:52:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 14:51:59 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.09 22:19:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.09 22:19:53 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.09 22:19:44 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 21:10:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.09 20:12:12 | 000,605,768 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Running] -- C:\Programme\Samsung\Samsung Link\Samsung Link Service.exe -- (Samsung Link Service) SRV - [2013.05.03 14:25:36 | 000,405,896 | ---- | M] (Samsung) [Auto | Running] -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS) SRV - [2012.09.19 12:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.05.09 07:00:07 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 07:00:07 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2006.12.13 13:13:00 | 000,124,856 | ---- | M] (Eutron) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eusk3usb-amd64.sys -- (eusk3usb) DRV:64bit: - [2006.12.13 13:10:00 | 000,042,816 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par) DRV - [2013.04.18 12:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {EDCCE97D-5347-471B-B6E1-9F8A0CA542AC} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 DC DD 16 5C A2 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {EDCCE97D-5347-471B-B6E1-9F8A0CA542AC} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=120518&tt=gc_&babsrc=SP_ss&mntrId=92953E4BD6F7B3E7 IE - HKCU\..\SearchScopes\{1ECEC699-83A8-41A3-8984-FE428572C7C1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcphp?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{8144EBF8-1C93-499E-BF47-177B9057D007}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110000&babsrc=SP_ss&mntrId=9295ba85000000000000485b39e8b0a3 IE - HKCU\..\SearchScopes\{89258519-8216-478F-A05C-99A820C7128C}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms} IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://www.ask.com/web?l=dis&o=APN10234&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A8B&apn_uid=8251684443204565&p2=^A8B^YYYYYY^YY^US&q={searchTerms} IE - HKCU\..\SearchScopes\{EDCCE97D-5347-471B-B6E1-9F8A0CA542AC}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\samsung.com/AllSharePlayPCPlugin: C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2013.05.08 19:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions [2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions [2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f} [2013.05.18 22:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yrdsoke5.default\extensions [2013.05.11 23:11:32 | 000,006,505 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\yrdsoke5.default\searchplugins\babylon.xml [2013.05.11 23:11:46 | 000,001,294 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\yrdsoke5.default\searchplugins\delta.xml [2013.05.27 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.27 22:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.05.27 22:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2013.05.27 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.27 22:47:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.05.05 17:41:03 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml [2012.05.05 18:12:33 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Samsung Link] C:\Programme\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [EADM] D:\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A4FB85-D5F7-4553-BA6B-0F5DC230FCB9}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2E411D-6F89-4A3A-A607-EB9CDD0FC578}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{83d609a8-0ee4-11e1-ab1f-485b39e8b0a3}\Shell - "" = AutoRun O33 - MountPoints2\{83d609a8-0ee4-11e1-ab1f-485b39e8b0a3}\Shell\AutoRun\command - "" = F:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.21 21:57:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2013.06.19 19:34:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\techland [2013.06.07 00:04:51 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\The Creative Assembly [2013.05.27 22:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.27 06:44:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meister-Trainer [2013.05.27 06:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Meister [2013.05.27 06:43:47 | 000,294,912 | ---- | C] (rpwSoft) -- C:\Windows\Setup1.exe ========== Files - Modified Within 30 Days ========== [2013.06.21 22:44:19 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable [2013.06.21 22:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.21 22:04:11 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe [2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2013.06.21 21:55:58 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe [2013.06.21 21:34:33 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.21 21:34:33 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.21 21:24:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.21 21:24:17 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys [2013.06.21 20:50:51 | 000,000,004 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\skype.ini [2013.06.21 20:46:53 | 017,371,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.21 20:46:53 | 000,735,468 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013.06.21 20:46:53 | 000,735,312 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2013.06.21 20:46:53 | 000,733,182 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013.06.21 20:46:53 | 000,730,006 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013.06.21 20:46:53 | 000,730,004 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013.06.21 20:46:53 | 000,719,004 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2013.06.21 20:46:53 | 000,714,536 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2013.06.21 20:46:53 | 000,703,792 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2013.06.21 20:46:53 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.21 20:46:53 | 000,673,490 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2013.06.21 20:46:53 | 000,658,508 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat [2013.06.21 20:46:53 | 000,653,752 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat [2013.06.21 20:46:53 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.21 20:46:53 | 000,646,766 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat [2013.06.21 20:46:53 | 000,596,688 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2013.06.21 20:46:53 | 000,499,310 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2013.06.21 20:46:53 | 000,484,586 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2013.06.21 20:46:53 | 000,471,450 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat [2013.06.21 20:46:53 | 000,469,230 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat [2013.06.21 20:46:53 | 000,419,388 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat [2013.06.21 20:46:53 | 000,407,794 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat [2013.06.21 20:46:53 | 000,392,220 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2013.06.21 20:46:53 | 000,382,796 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2013.06.21 20:46:53 | 000,375,118 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat [2013.06.21 20:46:53 | 000,170,082 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2013.06.21 20:46:53 | 000,157,422 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2013.06.21 20:46:53 | 000,154,698 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013.06.21 20:46:53 | 000,152,014 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013.06.21 20:46:53 | 000,151,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2013.06.21 20:46:53 | 000,149,578 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2013.06.21 20:46:53 | 000,148,390 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013.06.21 20:46:53 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.21 20:46:53 | 000,146,578 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2013.06.21 20:46:53 | 000,145,886 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013.06.21 20:46:53 | 000,141,572 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat [2013.06.21 20:46:53 | 000,140,194 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat [2013.06.21 20:46:53 | 000,138,976 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat [2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat [2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.21 20:46:53 | 000,119,580 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat [2013.06.21 20:46:53 | 000,119,152 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat [2013.06.21 20:46:53 | 000,114,238 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2013.06.21 20:46:53 | 000,110,090 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2013.06.21 20:46:53 | 000,100,230 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat [2013.06.21 20:46:53 | 000,097,570 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2013.06.21 20:46:53 | 000,094,380 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [2013.06.21 20:46:53 | 000,093,888 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat [2013.06.21 20:46:53 | 000,083,998 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2013.05.27 06:45:00 | 000,294,912 | ---- | M] (rpwSoft) -- C:\Windows\Setup1.exe ========== Files Created - No Company Name ========== [2013.06.21 22:44:19 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable [2013.06.21 22:04:11 | 000,377,856 | ---- | C] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe [2013.06.21 21:55:58 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe [2013.06.20 18:42:26 | 000,000,004 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\skype.ini [2013.05.17 23:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2013.05.04 13:27:28 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.05.04 13:27:28 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.04.19 16:38:54 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll [2013.04.19 16:37:54 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll [2013.04.15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll [2013.04.15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll [2013.04.15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll [2013.04.15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll [2013.04.15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll [2013.04.15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.07.09 23:20:37 | 000,000,839 | ---- | C] () -- C:\Windows\wininit.ini [2012.07.09 20:20:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.04.19 21:49:45 | 017,032,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.12 20:48:12 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\LCNIMP6.DLL [2012.02.12 20:43:20 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2012.02.12 20:43:12 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\c1sizerppg.dll [2012.02.02 19:44:09 | 000,032,529 | ---- | C] () -- C:\Users\Basti\rift_gamecard_30_days_89235554_Q4SKHBGD.jpg [2012.01.11 20:50:11 | 000,059,904 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\skype.dat [2011.11.14 19:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.07 22:57:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.mono [2012.12.30 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Audacity [2013.03.11 20:53:13 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Awesomium [2013.05.18 22:40:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\BabSolution [2012.06.04 22:38:24 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Canon [2012.07.09 22:45:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools Lite [2013.01.03 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft [2012.08.29 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Epweod [2012.05.05 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\eType [2013.06.20 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ [2011.11.29 18:53:17 | 000,000,000 | RHSD | M] -- C:\Users\Basti\AppData\Roaming\InstallDir [2012.08.30 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ivoqq [2012.08.31 06:53:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Kubas [2012.12.30 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenCandy [2011.11.14 19:35:28 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Opera [2013.06.13 22:04:27 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Origin [2013.03.07 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Pokémon Trading Card Game Online [2013.05.18 22:28:09 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\RIFT [2013.05.04 13:24:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Samsung [2012.10.26 18:07:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Sports Interactive [2012.09.13 15:02:08 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Systweak [2013.01.21 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer [2013.06.07 00:04:51 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\The Creative Assembly [2012.07.09 22:45:51 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TS3Client [2012.03.28 19:42:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ts3overlay [2012.11.30 21:29:49 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TuneUp Software [2011.11.29 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft [2012.02.25 14:41:19 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Unity [2012.09.04 12:20:55 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\uTorrent [2012.04.05 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Extras: Code:
ATTFilter OTL Extras logfile created on: 21.06.2013 22:58:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,64% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 69,84 Gb Free Space | 46,86% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 346,38 Gb Free Space | 81,01% Space Free | Partition Type: NTFS
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F0EA29-9510-4CA2-8382-9CD823CA1514}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{02DB26D9-5E3D-40F2-8628-BA263E2A14F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{15784D43-2D99-474D-A58F-70F67BEECAF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{2068548F-E532-4857-A5C3-8419C4A34AC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{326F3941-637B-4175-818F-7B578D366336}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{355D832D-C922-4BDF-84CE-87AC4D057A93}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{36A754C3-55D8-4F9A-BC48-455AD0068EB2}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{47C306F7-BAFC-4688-B9B7-3BB11480328C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{526FF5A6-E03A-4565-8D07-56599CEEC6BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54A5E772-7EA7-4C06-84CB-D4B2F255539B}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{5802DD25-4C88-47AC-A1D0-3D2842E4A41E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A897827-F6AC-4ABB-ABD6-61D3E6CB2E73}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{6CC5ABA7-BD1B-44DC-A116-F0C5F44163F0}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{6D08A87D-32A6-49E7-A99C-4BD7B8272CDF}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{6F6AB699-F242-481D-B11C-4386AAE45460}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{79C3BA46-AD5F-4DD8-9CFD-12330675CFE0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7CB8FFC2-EAA9-4753-82E5-786BC5F9D8B6}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{7D703E36-6015-4242-AC25-68D3742C15FB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{830A121B-683A-4352-BBC1-6922ED36A465}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{8AA3A1F8-70ED-4C76-816D-C2387A7304BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{983A55EF-4C69-4DDD-AFA0-3D7A8DA57136}" = lport=10243 | protocol=6 | dir=in | app=system |
"{98FAA00E-0587-4AD5-BF5F-A4642E16565D}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{A3B521D6-6923-4566-94B7-5151142CD3D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{A71A766C-57F3-462A-8C5A-B2F395B2F215}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AEF8E0B1-8928-4860-9824-AC75D77FA557}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8D22E9F-F447-451A-8F4A-A5B658DD80DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C064C3DB-DBCF-4643-A053-EED4B284583A}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{C2F882FA-4B38-4436-B85B-482F1EAAD9D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CBEC543C-C9EB-442C-9251-3B652A3DD92E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D078CBFF-6B1B-4709-999A-7BCD7EA7CAB8}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{D2C983A4-296E-4BC7-B9EE-36D523450329}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{D5972AE7-8AC2-4BBE-995D-85321D75ACB6}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{D6D967AC-531E-4B94-8804-7631934B8489}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{D71E4286-536E-41A5-B2D5-03E768EEA175}" = lport=137 | protocol=17 | dir=in | app=system |
"{D743EA0F-C136-4ADA-9720-E4E35CB4F40D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECEC916C-E69F-41B9-8EC1-D68C1C3ADA4E}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE14011A-0715-4121-93D6-D0037BC97B9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EEAC7889-DE8D-4E43-861F-5BB6DD9994A9}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF27124B-06C0-43FF-AE78-381931831D48}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{F1CC925D-5B99-41A9-A5CD-8AC8DC89C58E}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{F4A26989-82B2-4CB1-AB5D-737B3682ADC5}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{F91CD776-0D39-461D-976A-42FD1E2AF376}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053DF62B-EC37-49DE-A760-442DAB2F04F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06D74078-3FD4-4FAB-B9B2-B9B3FE70B0BB}" = dir=in | app=c:\users\basti\appdata\local\microsoft\skydrive\skydrive.exe |
"{0D8FD0CA-E603-44E5-87BA-D980BDAACED8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0EB67770-FE02-4A60-9CF0-D0AC90719937}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1A8B66DA-7FEE-4744-BFEA-C6F2F5142197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{200B203B-1AE0-4CA8-95BB-233D728D2BEF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{212A55B1-8751-44FE-8914-99FC9CD089E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{22156B6D-76FB-46A2-9826-EB7622F3A83A}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{318F3DDC-5981-46AD-8183-E61E3368C837}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe |
"{381A89D6-F878-4CD3-8976-FDCDF5D68D08}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{3CD7EC67-7C06-4E08-8453-491315FCAE35}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{3E964430-6C7C-4E8D-85FB-007B45471C95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3FB0005E-D477-4729-BEE9-CCE967914582}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{409B6526-CB6E-43F8-BC94-3CFD77B49439}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{4D53CF9D-1A82-46E6-9481-37295D0C9887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E9777CE-0A94-4CE9-A1B8-149D1117AE84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{4FAE43CA-B470-4AD5-BEA6-E419476100E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{539B7E34-93C5-4C36-8E60-F37B5D816975}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe |
"{58CCA3B6-8ADF-4D8B-8815-3F7F97CAAD1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B216E94-4B1A-4DA5-9310-D99FFF94B327}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{631E5A75-4282-4F39-A218-429E2AD99314}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{635C1FBE-2EE0-44AF-9FB6-649001F64A20}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{6A9916DF-0D74-4E29-821E-1DFA1D67FE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{80FD4542-6BA3-466F-875D-9E6A59422A2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83964453-05DC-4E97-B0FB-EFCCC1786C03}" = protocol=6 | dir=out | app=system |
"{88725923-1B49-4270-8A36-9CAE7CBA2195}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C2C335D-E484-4454-9C78-93D34E92671E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FBEA6EC-DF63-4052-BB76-FAFC32D2FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9446C022-AB19-4358-807D-077500B27B01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{945DBD58-489F-48A1-A512-6A64CD8CC04F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{961D3570-B770-43C6-8975-A1A3E70F3D4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{96867691-CDB2-4EFE-BF91-8C1E4BA2CBB5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{9A576023-0A25-42E8-A0A1-22327DD9063A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E599731-4FB4-4A82-A07A-0A8C52DF1597}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{A33E2E6E-335E-4E88-B1C0-C43C5D67F226}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{A645803C-63D4-4BAF-9266-89736561AEB4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{AE6A74AE-5B04-4BEA-B5C1-B6674395F8CF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{B1D058C0-69AA-43EE-A045-9C61C47BE12B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{B31E57E3-B793-43CC-9C14-6819B7963E7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B44D7052-2BC9-4DCA-9A48-AD2A3313402C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{B824FFB1-0800-41AA-863A-FE80216C9C0E}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{BEC7A533-5244-473B-8053-71D0D43F0658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C34ADF70-5ECB-4B40-92F9-5D60FF9E4CF9}" = protocol=58 | dir=in | app=system |
"{C8F642A1-BC45-4482-B6FB-D9D0AB5BF721}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9227157-9F7F-498D-9A53-9ED6987281C9}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{D3094B04-D60D-4D7E-98EB-B8A9FF4DFC1F}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{D75EE4E1-7E6D-401C-8B42-E44D4CD50F46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E50B5288-B57A-4A57-99C2-B323E38002D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7E0B179-5592-488B-84A8-67AD21C77A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EF96C670-F0C1-44FA-BF72-69F617E87C8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{EFF7E4B4-D33A-49A8-847D-8FAD675FF8F2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{F17331D5-BD70-4B47-B115-BFB3A91CD8A8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{FB991AB3-1D6E-443D-AECB-322B05219B72}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"TCP Query User{A06DD0BA-C5B3-4523-8030-58D9916EC636}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{C3AD5C19-9C06-44C3-A3DD-8122D47CFA4C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{CDA60A4F-5E6B-4523-9A5B-2B74B24A9269}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"UDP Query User{070D247C-2BAF-4F16-85BB-FA87BC84668D}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{9D24AAFF-712A-4007-A518-FF9A140AB370}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{BC37443F-608A-41DF-BCC8-73C51B575769}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BA8381A-F47A-0A1A-8CDC-9EED42CBF73A}" = AMD Media Foundation Decoders
"{328EAC95-9299-BF47-BDBE-83F94AE07D71}" = AMD Drag and Drop Transcoding
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A762DDE6-D6AC-ECDC-DFBE-E35A0FCFB0AD}" = AMD Fuel
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5CFDA3B-64EC-21EE-6652-0E9AFC41FF8F}" = ccc-utility64
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FC655E43-0E90-4FAC-AF88-7CF8635C6ADC}" = AllShare Framework DMS
"8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B9D184-F3C5-48B2-6DBA-56D5DCD85E97}" = CCC Help Chinese Traditional
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{062BC4B4-891A-C58D-B335-7A6358BB438C}" = CCC Help English
"{0E4545D7-2B4B-1EF1-505E-1B9E512980F1}" = CCC Help Portuguese
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{15DA32B6-4726-AABE-E3BD-761DA0DE4132}" = CCC Help Norwegian
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2764C49D-4BFD-A240-F64D-E11AF855C714}" = CCC Help Swedish
"{29E21CFC-5DEE-6441-AD4A-C15655BFC146}" = CCC Help Chinese Standard
"{2C03DD9D-D28B-9D33-22DA-AB1C007B8412}" = CCC Help Spanish
"{2DE1BCDB-48F7-723F-1DF0-FAB7B4184CE4}" = CCC Help Danish
"{2FF505C2-318E-7B51-FA77-51B9E6F0677D}" = CCC Help Czech
"{30E02033-8A23-ABF8-474C-1CD0C7504659}" = CCC Help French
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43BAB72A-5430-FD3B-ADBD-02105E4AEE03}" = CCC Help Thai
"{492B292A-8A5E-EE0D-5EAA-B303CCB1F14D}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B487EAF-EC47-EDEF-599B-CA45F17DD5D0}" = Catalyst Control Center Graphics Previews Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{59FB5F5C-B127-D725-72CF-D8ECEF40163D}" = CCC Help Finnish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFCEE0F-17DA-93D0-65EE-C280DA539FFD}" = CCC Help Korean
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78482808-3AE8-5650-52AD-2E73D0C6BB43}" = Catalyst Control Center Localization All
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A60C5BE1-9644-01E7-5E8A-5F0318D268C6}" = AMD VISION Engine Control Center
"{A9674831-B5FC-32DA-D7F7-067DB3FC36C8}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B24A294A-5BA2-E73D-2064-80BB7A940102}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BECC92A2-F74A-9003-214D-7F2B059B61D1}" = CCC Help Turkish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1953F1B-F323-B5BC-4513-BC82EFED21DD}" = CCC Help Dutch
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DDB9AF26-1CA1-99F6-A3E5-3D76D6D45BE7}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA217A-9661-02A8-E259-A2702CBD8C40}" = CCC Help German
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EBD2E918-2C91-A25B-DFA8-E9E96673061D}" = CCC Help Russian
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F950EC87-8370-F6BC-4996-1C2A0B486E5F}" = CCC Help Hungarian
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DomaIQ Uninstaller" = DomaIQ
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 3.0.1
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"ST6UNST #1" = Meister-Trainer
"ST6UNST #2" = Meister-Trainer (C:\Program Files (x86)\Meister\)
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 205190" = Rocksmith
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kies Air Discovery Service" = Kies Air Discovery Service
"MyFreeCodec" = MyFreeCodec
"RIFT" = RIFT
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.06.2013 14:24:46 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
nicht initialisiert werden. Details: Could not query the status of the EventSystem
service. System Error: Der Computer wird heruntergefahren. .
Error - 21.06.2013 14:31:54 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 21.06.2013 14:31:54 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 21.06.2013 14:32:26 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.06.2013 14:39:04 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 21.06.2013 14:39:04 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 21.06.2013 14:39:22 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.06.2013 15:24:28 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 21.06.2013 15:24:28 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 21.06.2013 15:24:54 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr CSC DfsC discache eusk2par NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt
Wanarpv6
WfpLwf
ws2ifsl
Error - 21.06.2013 14:23:55 | Computer Name = Basti-PC | Source = DCOM | ID = 10005
Description =
Error - 21.06.2013 14:35:36 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
Error - 21.06.2013 14:38:30 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243
< End of report >
|
|
22.06.2013, 10:17
| #4 |
| /// TB-Ausbilder | erneuter GVU Angriff! Servus, Schritt 1 Scan mit Combofix
Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte poste mit deiner nächsten Antwort
|
|
22.06.2013, 21:33
| #5 |
| | erneuter GVU Angriff! moin moin, ich kann jetzt bei Avira den Browserschutz nicht mehr auf aktiv stellen? combofix: Code:
ATTFilter ComboFix 13-06-22.01 - Basti 22.06.2013 11:55:12.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2177 [GMT 2:00]
ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\go_0molg.pad
c:\users\Basti\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\users\Basti\AppData\Roaming\Epweod
c:\users\Basti\AppData\Roaming\Epweod\axex.yvi
c:\users\Basti\AppData\Roaming\InstallDir
c:\users\Basti\AppData\Roaming\Microsoft\Windows\ujTwPP.dat
c:\users\Basti\AppData\Roaming\skype.dat
c:\users\Public\sdelevURL.tmp
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-22 bis 2013-06-22 ))))))))))))))))))))))))))))))
.
.
2013-06-22 10:05 . 2013-06-22 10:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-21 20:35 . 2013-06-22 09:45 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2019EB60-C73B-4D64-9D7B-46D9276F7A6B}\offreg.dll
2013-06-21 18:47 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2019EB60-C73B-4D64-9D7B-46D9276F7A6B}\mpengine.dll
2013-06-19 17:34 . 2013-06-19 17:34 -------- d-----w- c:\users\Basti\AppData\Local\techland
2013-06-12 19:36 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 18:50 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 18:49 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 18:49 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-06 22:04 . 2013-06-06 22:04 -------- d-----w- c:\users\Basti\AppData\Roaming\The Creative Assembly
2013-05-27 04:44 . 2013-05-27 04:45 -------- d-----w- c:\program files (x86)\Meister
2013-05-27 04:43 . 2013-05-27 04:45 294912 ------w- c:\windows\Setup1.exe
2013-05-27 04:43 . 2013-05-27 04:44 74752 ----a-w- c:\windows\ST6UNST.EXE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:36 . 2011-12-27 17:20 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 19:10 . 2012-06-16 11:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 19:10 . 2011-11-14 17:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 16:04 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 11:12 . 2013-05-01 11:12 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 11:12 . 2013-05-01 11:12 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-01 11:12 . 2013-05-01 11:12 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-01 11:12 . 2013-05-01 11:12 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-01 11:12 . 2013-05-01 11:12 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-01 11:12 . 2013-05-01 11:12 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-01 11:12 . 2013-05-01 11:12 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-01 11:12 . 2013-05-01 11:12 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-01 11:12 . 2013-05-01 11:12 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-01 11:12 . 2013-05-01 11:12 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-01 11:12 . 2013-05-01 11:12 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 11:12 . 2013-05-01 11:12 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-01 11:12 . 2013-05-01 11:12 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 11:12 . 2013-05-01 11:12 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-01 11:12 . 2013-05-01 11:12 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-01 11:12 . 2013-05-01 11:12 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-01 11:12 . 2013-05-01 11:12 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 11:12 . 2013-05-01 11:12 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-01 11:12 . 2013-05-01 11:12 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-01 11:12 . 2013-05-01 11:12 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-01 11:12 . 2013-05-01 11:12 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-01 11:12 . 2013-05-01 11:12 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-01 11:12 . 2013-05-01 11:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-01 11:12 . 2013-05-01 11:12 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-01 11:12 . 2013-05-01 11:12 441856 ----a-w- c:\windows\system32\html.iec
2013-05-01 11:12 . 2013-05-01 11:12 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-01 11:12 . 2013-05-01 11:12 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-01 11:12 . 2013-05-01 11:12 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-01 11:12 . 2013-05-01 11:12 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-01 11:12 . 2013-05-01 11:12 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-01 11:12 . 2013-05-01 11:12 235008 ----a-w- c:\windows\system32\url.dll
2013-05-01 11:12 . 2013-05-01 11:12 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-01 11:12 . 2013-05-01 11:12 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-01 11:12 . 2013-05-01 11:12 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-01 11:12 . 2013-05-01 11:12 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-01 11:12 . 2013-05-01 11:12 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-01 11:12 . 2013-05-01 11:12 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-01 11:12 . 2013-05-01 11:12 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-01 11:12 . 2013-05-01 11:12 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-01 11:12 . 2013-05-01 11:12 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-01 11:12 . 2013-05-01 11:12 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-01 11:12 . 2013-05-01 11:12 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-01 11:12 . 2013-05-01 11:12 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-01 11:12 . 2013-05-01 11:12 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-01 11:12 . 2013-05-01 11:12 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-01 11:12 . 2013-05-01 11:12 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 11:12 . 2013-05-01 11:12 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-01 11:12 . 2013-05-01 11:12 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-01 11:12 . 2013-05-01 11:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-19 14:38 . 2013-04-19 14:38 25600 ----a-w- c:\windows\SysWow64\MediaDB.dll
2013-04-19 14:37 . 2013-04-19 14:37 704000 ----a-w- c:\windows\SysWow64\ContentDirectoryPresenter.dll
2013-04-18 10:09 . 2013-05-04 11:27 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys
2013-04-18 10:09 . 2013-05-04 11:27 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-04-15 16:53 . 2013-04-15 16:53 46592 ----a-w- c:\windows\SysWow64\boost_thread-vc90-mt-1_47.dll
2013-04-15 16:53 . 2013-04-15 16:53 38912 ----a-w- c:\windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 227840 ----a-w- c:\windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 704000 ----a-w- c:\windows\SysWow64\boost_regex-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 12800 ----a-w- c:\windows\SysWow64\boost_system-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 130048 ----a-w- c:\windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 918016 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 158720 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 58880 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 49152 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 299520 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 16896 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-04-13 05:49 . 2013-05-15 16:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:54 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 17:26 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 16:54 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 16:54 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 16:54 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-01 20:07 . 2013-04-01 20:15 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-22 19:24 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EC136321-1AE5-4A7F-B01C-5380D666175B}]
2011-10-30 13:44 126880 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-22 1514152]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-15 16:13 222808 ----a-w- c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-15 16:13 222808 ----a-w- c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-15 16:13 222808 ----a-w- c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"EADM"="d:\origin\Origin.exe" [2013-06-05 3456080]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb-amd64.sys;c:\windows\SYSNATIVE\Drivers\eusk3usb-amd64.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par-amd64.sys;c:\windows\SYSNATIVE\Drivers\eusk2par-amd64.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link Service.exe;c:\program files\Samsung\Samsung Link\Samsung Link Service.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 19:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-15 16:13 261704 ----a-w- c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-15 16:13 261704 ----a-w- c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-15 16:13 261704 ----a-w- c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"Samsung Link"="c:\program files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe" [2013-05-09 407384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3014745140-1638939913-3744448183-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3014745140-1638939913-3744448183-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-22 12:09:54
ComboFix-quarantined-files.txt 2013-06-22 10:09
.
Vor Suchlauf: 14 Verzeichnis(se), 74.169.192.448 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 73.193.574.400 Bytes frei
.
- - End Of File - - 2ACFC0FBBC5718C6D81D5DA9EAE57035
A36C5E4F47E84449FF07ED3517B43A31
ADW Cleaner: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 22/06/2013 um 22:15:28 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Basti - BASTI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Basti\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\searchplugins\delta.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Basti\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Basti\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Basti\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Basti\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Basti\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{231B4211-0F25-4C89-9034-13828D2A472D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CB073F3-BE3C-4E8F-942D-8A747B54486F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68D19556-22C9-406B-80D8-27190514436B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\prefs.js
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "9295ba850000000000003e4bd6f7b3e7");
Gelöscht : user_pref("extensions.delta.instlDay", "15836");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1623:11:42");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
-\\ Opera v12.15.1748.0
Datei : C:\Users\Basti\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera
*************************
AdwCleaner[S1].txt - [26991 octets] - [22/06/2013 22:15:28]
########## EOF - C:\AdwCleaner[S1].txt - [27052 octets] ##########
JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Basti on 22.06.2013 at 22:25:22,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-3014745140-1638939913-3744448183-1001\software\web assistant"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\menuext\web-suche
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8144EBF8-1C93-499E-BF47-177B9057D007}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{89258519-8216-478F-A05C-99A820C7128C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EDCCE97D-5347-471B-B6E1-9F8A0CA542AC}
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-967FFF60.pf
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Basti\AppData\Roaming\systweak"
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{001579BB-AE56-4860-8ADB-3489C341D197}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{00522CBC-B414-44EA-B803-BC80ED54F264}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0229E3A2-A404-426A-9EA1-4AF40A1F6F15}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{02E8C919-8776-42F3-A9EF-C53988D62A64}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{032A7115-B733-4580-A04A-2BE82CF03E6F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0335DE6A-8EDF-49D7-9ABF-19C5131800FE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{037DFB56-DE2B-4655-AEB4-F70924502E59}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{05144C64-A1B8-48E7-A13F-B7EB3E20210B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{051CB7B3-B4F2-43DF-BCDF-914F8A59A174}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{05957048-5854-42E9-BFDF-9F321C4AB085}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{05F79F09-6522-4366-8AC6-F17823408022}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{06774802-0151-41F5-B340-5731F592A43A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{07CE5BB1-39FD-4FDA-B1DA-6C105D830D5A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{07E5DCA5-71D7-4DA3-ABA5-59206C99A04C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{081F0BAC-F4C0-4EF1-A37A-88E940349BDC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0820EC23-320F-428B-AAD0-AFCB8FB952FC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{08505E29-F529-4FC3-92DB-348DFB48F5DA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{08791E2C-7F1E-438B-81EF-FDC32D68F798}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{094BBD82-1187-495A-9560-FCA7A0045993}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{09795D41-4EC8-419B-8B66-62150489FC20}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0B6755EC-87EB-4F59-920D-477C2F508509}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0C072D3E-C35E-403F-A129-503B2ECE9CBD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0C940B5F-11D9-4BF9-BA3B-DC0A0B54C6F7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0D95DE28-F883-444D-970C-C1681F8D11AF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0E47759A-06EC-40A9-8FC1-34B4A0BE421D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0E98485B-0551-46FD-95D3-649D6E6883CB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0EBE1FC5-DA7D-418C-86AC-0E4D114858FE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0F4F86C3-48E3-41EB-A3EC-B40D74B186A4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0FCE2B41-47C9-4D7D-A3E9-2DE64B14895F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0FE729B6-A8E7-4D7D-9EE0-1402408B68E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{10666675-C698-4B27-8EEB-12FE8B5A71C7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{10A863B8-1483-498D-96C2-7A0C4A3EF47A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{129615E6-B463-48D9-8D0F-DD838AD3C799}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{130A7D6A-6312-415B-A592-44BE06491C8D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{145AC960-F0FA-4CA5-9682-C388E58B58A6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1540AAF4-D01E-4284-AFF7-FE8217C3BE21}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{157B7CF7-D6B2-4F46-AD53-912B3BAD2941}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{165BC6F0-01D7-4C34-A6C1-40A36EF37915}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{17122F3A-77D8-4253-96A3-B5AD1891C2FF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{17B7300A-E945-47E8-B510-AEBED0B6242C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1854793C-B024-4402-99E7-31649F05FEB0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1A1ED0B0-6F44-4388-A16A-E6D0F6471B78}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1AEA87D5-C6D1-4F1B-B10D-B4EC1B38B7E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1B5977CB-88DB-4C7A-AF8F-DF260F7D7AE5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1E2BD514-C60C-4AE5-B6A9-8E454595F2D2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1E7FD853-6885-4658-97FF-4279C3DD121B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1ECFD836-D718-4545-BB4C-21932409D476}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1F2D8A7F-9592-4E74-A9CB-73AC920E96A5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1FDBC253-3230-4A50-9111-4C83676383BC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2081974A-F04E-4728-9A28-78FA23BE4C19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{22AEB7D9-5151-4776-94BD-1C9443BB1B7B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{22E3BE37-2771-4A08-BDD5-0EC3AF97D538}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{23CD07FE-A2D8-4AB7-A968-DF11B5810079}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2567B0BB-6DA9-4DD9-86D1-01DE525D7944}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{267D0E69-5F05-413C-B544-B4B0BB63ED19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{269F21FB-5E8E-4B42-875E-687A7C2FE422}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{26B50F53-9183-4962-8077-BA8D686DE6A6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{26EEC4D9-B4D8-41D9-8628-49286AB2B025}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{27261CC3-F569-4F89-82AC-DE874C9B43E2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{275F092A-3D4C-4FE6-8A9E-2D0D41D49665}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{293CB594-401E-483B-87FD-BD0AABCDB08E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2956051F-EE98-4307-BC9B-C0B851A42E3C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2964E5CF-9388-40AA-B133-6310F5C3D362}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{296BDCE8-88FB-42B6-B51B-A6D4C1C52909}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{29B1BE11-18B8-4892-B251-54B2DFBBE486}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A3C73D2-348D-4882-B724-AD51B803837C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A51E10A-C5DC-450B-A777-37508ECCF0DD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A8451DA-315F-438D-966B-8E6F27C9FE69}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A9C5F85-5A0D-4BFC-951B-04B2BEDD85DF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2C683BA4-5EEA-49C9-BD35-D5B1DB55D22E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2CAD78E1-6AE9-40C3-9CEA-28AC48F6316D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2D66BB8C-DC36-4DAA-979E-88C4FEC9203D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2E26F7D2-9B3E-4E9E-A8BE-1465E20A5890}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2ED0DD95-43F0-4554-A4BB-215D2FB85DEB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2EFFDCE6-011B-4B1F-84D8-28A4FD3682A1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2FB310C6-11F5-4D6F-A542-E637E2FF92D6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{30503952-F075-4CBB-911C-08DF066BCF4E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{30EF0ACB-C6BC-46C6-8D63-6ECF996A96BA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3127C01F-E8E9-4B29-9361-5F3E8263DAB1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{31E6156B-8B66-4997-8C49-86F2D75BCEE4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{336B46E9-4324-4A3B-A6D5-7D51B1989804}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{33895015-417C-4857-A974-37505C57566C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{33EA418C-2AD3-4B5A-9B4C-7D25AD4D5E19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{35020DB6-2277-463D-9B90-4FF06CD03635}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{367A53D3-80E5-4DD1-9A58-78E75F8D70E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{36A3BF25-7FA6-47B9-9330-91DB4716AF81}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{374AECBD-A3E9-4B9E-94BF-DEA30B9A1926}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3886E295-0D43-4C3E-AE07-52BDC6B47339}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{38B9E32D-C63D-4C9B-8226-51F980F007DF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{38E5ED13-A1F9-4F61-AFC0-E051B53A0DC8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{39070DBD-3461-4DF6-9FD1-AC9D8F406ED6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{390FA823-DC07-4107-BF85-0A4CEB762D25}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{39C16D38-215A-4E7E-BCA9-9754B525AE33}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3A297982-69F2-435F-97B6-F3C67E68C874}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3AA94DEF-5A81-4174-BAFC-6F7A570C5B9D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3B393001-56BB-4C96-98FD-91BA7FAA5356}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3CE59E44-FBED-458B-8714-8D87D78BE61C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3DAF1E4C-9D73-4B5E-A9FD-59C2D8982495}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3E48A6D9-003D-4E89-8D53-8DB193A1F879}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3EB1D112-60CE-4EB5-8CED-801E2EE2CB6D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3EC4A80C-273C-4186-98BE-DDEAD6360539}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3EEF6588-8F5F-4490-AE86-9DBEF65D8EE9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4146F891-A685-472C-8E9F-36B5A17C02B4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{42AD0487-3863-4823-81D0-485118075464}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{42B4401D-D5BA-4CD7-92FC-D18612602619}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{42D0304D-8CAB-4F76-91A0-55BA06E5C998}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{43170815-D1A7-45C5-AF42-52D5E4C05991}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{44A26143-753D-41D3-B63A-5C4C2C0152CD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4510B84C-7A1E-42F2-95BC-0961FEA52FCB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{454419E8-20B7-4F54-9CE5-06DAC3A30E5F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4560AC67-E77D-45D6-B2B0-B64D27177F49}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{45A473AB-7216-458B-9BAC-2C06BCEFF79D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{45D0418B-0F7A-4E83-9CAB-6E71014A6092}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{45EAB62F-C353-4843-817C-AB52C739344A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4660D778-AA65-4C5C-A6B1-1C68965A8A05}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{47522CFE-AF9D-4172-845D-C7F7DB254E99}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{47568F2C-3138-4132-A922-7CE9C2FED7B0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4893DEA3-3ACC-40AB-B685-B3894C1FB05C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{48C1EBC5-9B3A-4768-8A55-C6EFEA7D3E13}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{48D4F142-C887-4EEA-8F28-0DE0B99F0C10}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{48F16085-E1E2-478E-A5CD-2AEE6C523ADD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4914E549-8C59-4D3A-BEF1-D64BE9E57478}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4A5120F6-F846-4FD2-9367-D4359F727AEB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4A958760-1D45-4DB3-86AA-A266F08A884E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4AF3D8B4-042E-468A-A867-1A863EF8DB79}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4C26E0A9-C2E5-45DA-8992-D01FF5066D4A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4C5E0E03-4D6B-4DDD-8A72-2A36F237E1E0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4CF576CA-B6BA-4EBA-BA6E-9512255291E2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4D1723BD-1747-40C1-A379-4F5188D51642}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4E003A42-70AC-4CC4-8EBF-3E2810BBC73B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4F176C1A-3F1A-4912-BA21-0ADCA37539E5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{50685878-B71A-4472-84E2-D17997C9712A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{509D11AC-4533-46B2-B820-10F53158A896}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{514D3111-996A-44E1-B985-C9DC90F8A26B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{52226A66-01CF-4108-846D-5FA07E17D360}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{534AD632-4474-4863-ACB1-CFBC4CD12C8B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{53C005E4-1861-4154-A3B6-E9DBE6056C23}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5432C403-6E80-4685-801A-31B22F5B3FF8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5479A8F5-078E-45A2-8CDB-1E1A70B97BDB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5513FB05-AD91-415F-B7FC-52FE3BB084BD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{569FF2C8-89B9-4412-97B5-E095DB2291A7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5707864A-CBBF-4454-9A73-B4021D15BB9E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{57641B94-BEC5-4753-B8ED-66EC46E66CDB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{57CDCF6A-4DE1-49FF-BD16-8F9299310EB4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5848B466-A8CF-4DDB-BFBA-93D88802ABF0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5926587C-34A7-4DB1-BCF8-78CC1273C5B9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{59BBB271-740C-4973-A4DC-0EB780C61706}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{59CCB7F1-25A1-468D-9B85-5ADDB1010F3C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5A37A915-E977-4480-B64C-B0FA350A0722}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5B88A7E1-8224-43F7-8830-42B7F4A5BC83}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5E17B768-8C23-438A-ACDD-D552ADF1D041}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5EBF1B8D-FDE5-4133-B915-1D1E7E19D80D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5F06C7AD-30F8-4F19-94DD-C47197A49E6E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{619F2166-9545-4494-AD76-2CA43DC56271}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6289F52C-7545-469A-9F7D-90F7F94EF03E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{63791756-F8D9-4E0C-A37B-C2857EDC0BC2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{63C869DC-7E0A-4865-9057-E5CBC687250C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6423788A-00EB-47C2-9C52-B94ADAD66383}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{644F7DAB-ADFE-4024-8720-FDFA94CED96A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{64ECA841-0A09-4B1A-B8DC-FBC549885C17}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{65C59A10-7EB0-45DA-ADD7-8D840432C9C2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{65DE50AB-E1E6-4E39-81B6-B6D22B0C6E0E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{66941F0E-26AD-49D7-A8B8-3491A953C585}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{689ACC6C-5666-40A1-9B8D-BAD9B03424DB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{68E5A9E1-9D97-451B-9F8F-D8D034628CC9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{691A0C6F-92F0-4528-9708-250C28C73CB6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{69AE5D73-FED8-4E16-8CD3-41E1832FFF19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6A194116-BA45-422B-B262-4AD8A018B2B2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6BE28DA8-8067-4CA6-90D3-EE9305AF259C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C1F2D57-28AB-4D2D-993D-2D8B28CA30A5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C45317E-347B-4303-8A5C-AF2010CA0F72}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C7E5B6F-9512-4F3A-A22F-143631D5B845}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C8EACFD-B122-4830-B307-CB818E673210}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6D4A139F-7C0A-42F1-BCB9-EDB9CD5791D8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6E40B2E7-2A5D-42CE-B202-127C09876A73}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6E8CC8BA-14B2-4A40-AC1C-2B0BBF52A06A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6E94D848-50EE-4F3A-B630-51C7317626A3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6F997247-57C5-4A98-BA37-DA75AF7FB3B0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6FC2E67B-18E7-4EE9-BFC9-B5A6A3CC1074}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{705A5548-98E6-4CF1-8B71-26D8A94E6B43}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{718D57EE-9E7B-43A0-BE1C-6D202004DEAB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{72912A57-C213-44D4-89B0-00F6A157A89A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{73BE8BAC-476A-4238-A214-2C13E8DFEC1F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{752D0BF5-3391-4A07-91B1-246F8BE0D608}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{76F0AD7C-8E67-48D7-B516-2B0A4D75ED3B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{779AFAF4-A093-409D-B729-6A13DB2DE96C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{787077F7-C9C9-4F6F-B6FF-369E1C65DB8A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7884ACE6-FF3A-4FC0-9929-CF05C0B80E5E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7B300164-C5C6-4E0F-821B-BCAA7940B242}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7B45B07C-B8C0-4617-8ED8-6C3302D024BB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7BCD52CA-38AC-4B52-B358-324295D1032A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7CEEF331-8BBC-4351-B89F-D263216C08C3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7CF454C8-0C96-4EE5-BC8C-6A35072E7CFB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7D1D87B8-A480-44B0-8125-C0A897BE9AC1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7D4A0772-6CAB-4041-BB2C-5FA9896C4CE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{801EBFFB-F5E0-4773-B54A-E692B928F72F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8025793A-D61C-43CB-A277-EAA137C2D6E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{809D07C0-B98C-42D4-AD19-06552AAFBC9C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{822DAC1F-6B76-408D-A141-ACA343C09E6D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{82739E09-D498-417C-8767-3F1A50D6CF0F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{831210EE-89F0-45F8-AF88-4CC8797A14FD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8370FFB1-7EE8-4353-A437-99A31E4FE034}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{84222D7F-6E3E-4E8D-BAD3-505533ECF006}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8474FFC3-36C9-4F8B-808E-B5B9CA3A8D55}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{864C05AA-1541-44E5-8F87-4B720F878A1E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{867BBF09-E9E7-4780-B135-DA89A5B1463D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{86D53014-2F08-4B47-9B61-10DE7F63295D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{87D37693-4EA6-49B6-A569-23BF6AA00A7C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{894F29BE-B0AA-4851-99D1-A1EC30288A99}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{895B7269-AE10-4248-9558-BF4081FD638B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{89F79485-9C31-4F9B-8734-9DD8126056B2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8A0B7E8E-1664-4599-AA3E-729AD1B6ED38}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8A0DB975-E190-4A3E-82FB-0AA83EC07FA8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8AD68158-2E23-4857-A632-21FD607D94F3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8B20DADD-BAC2-45A7-949D-A7FA57E0717F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8D652270-320D-46E9-8D18-0BFB62324575}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8E526098-E2AD-49DC-A370-7A73376DF6C4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{908BCB07-A3CC-460C-9C14-089A98F374D8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{91C53153-09AE-49B1-8E4D-F010CAAD029B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{92E05DA4-8364-4BF9-B9C1-1375532E9BE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{931907CA-D175-416D-AFCC-BE21FD795B44}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9390D15D-C4C2-4C0C-9983-A144774941AB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{94435368-C824-4E35-90BA-E63A6B133EBF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9517E262-EBF5-4EA6-BC36-865ABCA32326}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9588FCF3-B150-413E-A7F4-7B60DF63145A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{95FB4280-1B5A-4EC2-9553-24AB321BAA40}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9649E269-ADFD-467C-8AE0-9AC4EF5714BA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{96FFC1D1-6AFB-4A71-B325-FEA3616BE886}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{980F92EB-D2B1-4216-81C5-8BD5D28272F0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{98C6601B-6018-4EF3-B28A-2D413E4A419E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{99CF1A98-E420-437A-893D-B0FE616D8464}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{99D1FB3E-67A5-4486-97D7-AE671EB090C9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9A01104D-C3E0-411A-8B0C-75436EDD8C55}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9A48A63E-60ED-47A1-BB38-8351D9FDA4F8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9A494246-D5E8-4875-B15A-6E76DFC5E116}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9AC47F4C-F84A-4743-8BA4-CB9505C8C41F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9B33E7DC-76B0-4411-AA5B-468D74FC150B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9B38FF58-C0BC-4CC4-BB06-5178F9DB3AC9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9B730778-5C90-46DB-AD02-508A0E3A4A43}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9BC26843-9D2C-4D42-8E94-06E603D473E9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9C10A756-EC16-4728-A726-44E9A6CBCDFF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9D720952-BE06-40B7-9549-3366D97B2019}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9FA3EA5D-C43B-4BED-834B-B1B53FCF5F08}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9FBFF7A1-AC29-492D-9BD3-C41396C0A4FF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A0AFD515-31DE-43D5-B8DD-143B398C0AC3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A26A6B2F-E60B-4ABD-B019-6B69BDA05589}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A3432AE1-B713-40B9-806B-91380FD57711}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A3647825-3507-438B-855C-233931BD454F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A44EA38A-4E77-407F-BCB2-ECC531C6EBDB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A469D1DD-1D9F-4751-9495-2ED2785598CC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A4B0FDAA-409F-415F-BB1E-B3A59124ABB9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A518BBBC-CEC3-4B0C-B9FC-D20336294B75}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A54AA78A-FA41-4109-BC24-A4105E3922D8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A54E165B-12B6-4ED6-B3C8-783E7E38010B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A5893449-5C59-488A-BACF-61FCAEE64959}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A60CB99E-3DF5-4DBB-9E07-1AE53BBACAE9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A8C57CFC-4C8A-4F30-8EAA-2E426FA02327}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A9BE291D-9459-4467-820C-AEF998BAB303}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AA3B2D38-4ED9-4E13-8E14-A81330C4BE7B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{ACCF7C77-13EB-4BDC-BBE2-B2577094885F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AD85CD96-0DBE-4755-9E45-50458C80630D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AE6F39A4-C7F7-4644-ADFD-B7B35BAFA668}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AEF00198-F486-4211-85E0-198F4146FC1C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AEF93FBD-0D43-45FB-BE01-3CBF7172D3BC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B110AB94-1C8B-478D-8A30-3BD8FD5E8824}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B2FC333F-5A92-4297-BF3E-16652A659FBD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B3B32F11-9621-47C9-A468-27DC513C3786}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B404F222-F559-4F20-A730-CB72791BC752}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B439FD65-615B-4E48-92DE-3C20FF531F5E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B4AA5F55-3FCB-485C-9471-5B662AE57C0E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B4B0C7AC-05EA-41D8-8355-653CF999564D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B577D383-CEE0-4F36-82C5-A1D9346B3381}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B62B1120-EA54-4AD4-8C6E-CA9510557C33}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B63E14B8-5546-49D7-92A0-BED519D217E7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B640741F-6D70-4AC4-BCCD-C4A5F95BFA9E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B64FDA21-74C6-4F87-BABC-00F04EC7C548}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B76CC7B6-BC35-4E53-9B2C-DF8123D0978A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B89909E7-D624-4B1E-A36D-53A27B29BDDA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B9A34882-022B-4838-A6EE-22680699BDB1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BA056609-38CF-4AE2-9E4A-98066A1A688A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BD794170-C1C2-494B-9894-0732BEFA493F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BD79EE52-C3F2-470C-84C1-9D550FE35F97}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BD88951D-C1DA-45D2-B8FC-92475F946305}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BE8B5559-B6E9-4FA9-9E14-AEA08CC3CA69}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BEB1DE5C-B88C-4F68-B28D-FF74CB90FC48}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BED8C6DA-1B67-4D43-B14B-88754887CBA7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BF10D004-18C4-4EE4-B3D9-AAD208C420F3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BF37354F-8D2F-4239-98C3-8C12846CF9C6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BF7AB213-E9AA-4879-9191-DF6E75B78BE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BFAD6BA3-E1A8-46DA-9042-2E07F17DF459}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C1801CBA-6F1A-46BD-BC1F-1B159B38389C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C1FEBBC1-6439-431D-A08D-B153CC91F421}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C4AE1571-E60A-4542-9A11-D88B0B608E5D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C4CC1880-2E9B-4E43-B6E4-A57767FC15AA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C4F11CC0-46B9-4AC1-AD8D-9B0E1930B662}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C55D06F4-2096-4D08-967A-8FBFBE648BC7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CA3A1096-0FFC-4A2A-9CB8-54A8EA418A0C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CA601BFE-8067-4AED-BEE1-A9900F216604}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CBEC4B2A-31EA-48F4-8C40-E75608A1D438}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CCA32D18-F8AC-424F-87EF-69543DE66C6D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CD191F43-71BC-4706-9E99-F6FC0AAED8B4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CF9B450E-975B-49BE-B7C4-1DE66D0C96CC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D0991EC6-8F70-4C07-BCD7-6A3A81935E1A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D122C154-3D04-4229-B0AB-2FA47D9AD770}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D21E0CC0-2B62-4BF1-9773-54CED2848D02}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D23CA2F2-F221-43D0-9E67-5FF101DE6E1B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4561568-5084-4B57-8538-EFEF60DD0B9A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4667B1A-AD06-4A24-A660-2356E6858167}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4A5ED05-8363-408A-9581-6DB712C9D486}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4FDC7EA-9B27-4EF6-91E1-09F20DBC4BB9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D50E1DFA-8636-48D2-BCA7-E22D0C6F11BB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D5B688DF-2076-4652-AF2A-F32F89E17F04}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D6113808-9401-4C38-B1BF-37AEFFCA2F2B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D61A6987-9672-4003-B557-8E91BFA88289}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D664550C-CBD9-42D8-B6BA-F10BB66C67AA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DA6AE00E-D6C2-4292-B72E-A82EA47A9BF3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DD8C60CD-693B-495E-8DCB-A1544FE27829}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DDAC1BC5-2C61-4296-8293-A20B1760BA68}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DDD9CE83-0445-4387-AC34-408CB0D2750D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DE1F4EF0-B7FB-4832-9153-D3EED242F4D6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DE3E7FE0-2EA7-46D2-A9CB-7CCD2CD33D79}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DF51D90E-E16D-4722-B5CE-EF3549EB7CE3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DFF969EF-8297-43FD-B48B-BFBDEAE91BC1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E10CBA93-8DD0-482B-AABA-A66C6FABB30F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E23D19E6-9EB4-42DC-886C-2B6E053F8984}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E25D7A66-CD2D-4729-9EA4-92B8E67696B3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E2A7527C-32AB-43B9-97B2-C303B0F86237}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E2BF6164-B894-4F68-B755-2D72AE53641C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E2DB38BB-9E3A-41C6-BFAC-9A07509C19A4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E32654EA-F5E7-4CC7-88AE-C30B2CB2B155}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E33FDD06-E0C4-4C77-AFE5-189CA20FBBFF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E373980E-DD6F-4A1B-985F-E0E7EE6F4E0A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E391C4E7-C843-415F-90B2-48A28B7A1595}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E4B76F12-3988-4E94-B9AA-A58EE8C74223}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E539D2A8-DCF1-4BB7-8E7D-F7E236D84CC9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E5404FA1-505B-46C5-B193-072C5C5C2AF3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E6A9AF6A-11B3-4148-952C-6E72EE120E5A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E6D1C074-B76A-4824-883E-0461F3A7771F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E72ED880-AD02-4915-A45A-5249158AE0F0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E78F2208-74CA-4378-80F4-261E8298B71E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E804FDED-2784-423B-976F-30AC57FFFB10}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E859644D-3ADE-413A-BFE3-7803A99F3271}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E993DE14-E217-463E-924C-7F47AB57D852}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EA7D3E9A-7EE0-452A-AC8D-390905BF9A2A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EA936B9E-ACB4-41C4-A870-81EE8B9B6B4F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EB3461E9-078B-472F-8BB3-E3B3904E95F4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EBBFB12C-EF4C-40A0-A195-64E8016CEA3F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EC7D29F1-C298-46C6-9D50-5454427384BA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{ECACDF24-0EAA-429A-A32B-E900F98E6B4F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{ED3FE186-777E-4C4D-A7CC-CF6B249AD60F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EDE0ED81-C805-4D9F-8BC2-FAE945D416BF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EDF2F1CF-6AFC-455D-844A-22748EC072A5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EE5D3661-CCEE-4867-85EE-677915B8F2E8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EEBD92DF-EBB8-4074-940A-BFEEEA0E4AA9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EFAFBFA8-E75E-4130-9120-0BC77D713CFE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F114AE9C-30B6-4470-B833-79C6AEE8B8AC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F1D0FD9B-868B-45BE-84FE-988AAFA951F4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F308F03D-CE0A-4639-BDFC-7F95460BA5B4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F48845C2-0AD1-4C5A-983B-6D270414C48D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F4951B0E-887E-4086-ADE8-2D3D209A1808}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F51B34CF-F26E-4D49-8500-BF05925D2BFC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F52E5EC4-0743-4388-B8A8-B1204D939AE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F7CD998C-6EF1-4FB8-B3D0-536482C520FE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F89C813B-163D-4D76-8887-B3DDDF4D8F70}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F8B989BC-74F9-4A15-8673-66314418B00F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F8E9566D-DEFD-4C81-8430-EDB640DDF4ED}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F90D5720-3F5B-4158-897B-86A5C5BD528B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F93ED1AA-ED0A-4BB0-9A4F-5AA8F6A82DB5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FA1F1EE5-C066-48AE-82FA-28DA2374D0F8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FA2314EC-5876-4AFF-8608-C590AA537373}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FB63394D-784C-4305-B866-731466A566E6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FC3983CA-CC59-4439-9EB4-77EC4742004F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FD2919E8-3091-4402-AAE5-095D3F7C34A8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FD4375DC-9E73-439A-8F06-AE66547D9CF4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FDA1A547-8FA1-4C7A-A5D7-3E991847367F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FE09C8C9-714C-412C-964D-A151118D1FF0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FE15F205-95D3-4299-BD03-1EC2136836E1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FEC45A7B-BB57-44C3-A4E6-4501D8833E72}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FECD501D-4670-470C-B23F-2B6D176CEDDE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FF262455-946B-4D60-A435-735640E3B699}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FF3C2A4E-9897-436F-B8AB-A595FFF9E4C4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FFD4A7BF-A20C-43F8-A7CF-7AAAAD528411}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.06.2013 at 22:29:43,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
23.06.2013, 11:58
| #6 | |
| /// TB-Ausbilder | erneuter GVU Angriff! Servus, Zitat:
Zwei Möglichkeiten: Du installierst Avira am Ende der Bereinigung neu oder du installierst Avast bzw. MSE anstatt Avira (ich empfehle dir Letzteres). sieht gut aus. Wir spüren die letzten Reste auf, damit wie sie später entfernen können: Schritt 1
Schritt 2 Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop. SystemLook (64 bit)
Gibt es noch Probleme mit Malware? Wenn ja, welche? Wie läuft der Rechner derzeit? Bitte poste mit deiner nächsten Antwort
|
|
23.06.2013, 13:49
| #7 |
| | erneuter GVU Angriff! moin moin, also so läuft der Rechner eigentlich ganz normal. Er braucht vielleicht etwas sehr lange beim hochfahren aber sonst fällt mir nichts weiter auf. Ich hoffe nur das ich mich jetzt vielleicht mehr davor schützen kann. Extras: Code:
ATTFilter OTL Extras logfile created on: 23.06.2013 13:43:10 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,11% Memory free
7,99 Gb Paging File | 6,01 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 67,77 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 346,34 Gb Free Space | 81,00% Space Free | Partition Type: NTFS
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F0EA29-9510-4CA2-8382-9CD823CA1514}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{02DB26D9-5E3D-40F2-8628-BA263E2A14F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{15784D43-2D99-474D-A58F-70F67BEECAF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{2068548F-E532-4857-A5C3-8419C4A34AC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{326F3941-637B-4175-818F-7B578D366336}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{355D832D-C922-4BDF-84CE-87AC4D057A93}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{36A754C3-55D8-4F9A-BC48-455AD0068EB2}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 |
"{47C306F7-BAFC-4688-B9B7-3BB11480328C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{526FF5A6-E03A-4565-8D07-56599CEEC6BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54A5E772-7EA7-4C06-84CB-D4B2F255539B}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port |
"{5802DD25-4C88-47AC-A1D0-3D2842E4A41E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A897827-F6AC-4ABB-ABD6-61D3E6CB2E73}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{6CC5ABA7-BD1B-44DC-A116-F0C5F44163F0}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 |
"{6D08A87D-32A6-49E7-A99C-4BD7B8272CDF}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port |
"{6F6AB699-F242-481D-B11C-4386AAE45460}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{79C3BA46-AD5F-4DD8-9CFD-12330675CFE0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7CB8FFC2-EAA9-4753-82E5-786BC5F9D8B6}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port |
"{7D703E36-6015-4242-AC25-68D3742C15FB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{830A121B-683A-4352-BBC1-6922ED36A465}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{8AA3A1F8-70ED-4C76-816D-C2387A7304BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{983A55EF-4C69-4DDD-AFA0-3D7A8DA57136}" = lport=10243 | protocol=6 | dir=in | app=system |
"{98FAA00E-0587-4AD5-BF5F-A4642E16565D}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{A3B521D6-6923-4566-94B7-5151142CD3D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{A71A766C-57F3-462A-8C5A-B2F395B2F215}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AEF8E0B1-8928-4860-9824-AC75D77FA557}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8D22E9F-F447-451A-8F4A-A5B658DD80DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C064C3DB-DBCF-4643-A053-EED4B284583A}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 |
"{C2F882FA-4B38-4436-B85B-482F1EAAD9D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CBEC543C-C9EB-442C-9251-3B652A3DD92E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D078CBFF-6B1B-4709-999A-7BCD7EA7CAB8}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{D2C983A4-296E-4BC7-B9EE-36D523450329}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{D5972AE7-8AC2-4BBE-995D-85321D75ACB6}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{D6D967AC-531E-4B94-8804-7631934B8489}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{D71E4286-536E-41A5-B2D5-03E768EEA175}" = lport=137 | protocol=17 | dir=in | app=system |
"{D743EA0F-C136-4ADA-9720-E4E35CB4F40D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECEC916C-E69F-41B9-8EC1-D68C1C3ADA4E}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE14011A-0715-4121-93D6-D0037BC97B9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EEAC7889-DE8D-4E43-861F-5BB6DD9994A9}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF27124B-06C0-43FF-AE78-381931831D48}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 |
"{F1CC925D-5B99-41A9-A5CD-8AC8DC89C58E}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{F4A26989-82B2-4CB1-AB5D-737B3682ADC5}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{F91CD776-0D39-461D-976A-42FD1E2AF376}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053DF62B-EC37-49DE-A760-442DAB2F04F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06D74078-3FD4-4FAB-B9B2-B9B3FE70B0BB}" = dir=in | app=c:\users\basti\appdata\local\microsoft\skydrive\skydrive.exe |
"{0D8FD0CA-E603-44E5-87BA-D980BDAACED8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0EB67770-FE02-4A60-9CF0-D0AC90719937}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1A8B66DA-7FEE-4744-BFEA-C6F2F5142197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{200B203B-1AE0-4CA8-95BB-233D728D2BEF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{212A55B1-8751-44FE-8914-99FC9CD089E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{22156B6D-76FB-46A2-9826-EB7622F3A83A}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{318F3DDC-5981-46AD-8183-E61E3368C837}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe |
"{381A89D6-F878-4CD3-8976-FDCDF5D68D08}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{3CD7EC67-7C06-4E08-8453-491315FCAE35}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{3E964430-6C7C-4E8D-85FB-007B45471C95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3FB0005E-D477-4729-BEE9-CCE967914582}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{409B6526-CB6E-43F8-BC94-3CFD77B49439}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{4D53CF9D-1A82-46E6-9481-37295D0C9887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E9777CE-0A94-4CE9-A1B8-149D1117AE84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{4FAE43CA-B470-4AD5-BEA6-E419476100E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{539B7E34-93C5-4C36-8E60-F37B5D816975}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe |
"{58CCA3B6-8ADF-4D8B-8815-3F7F97CAAD1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B216E94-4B1A-4DA5-9310-D99FFF94B327}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{631E5A75-4282-4F39-A218-429E2AD99314}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{635C1FBE-2EE0-44AF-9FB6-649001F64A20}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{6A9916DF-0D74-4E29-821E-1DFA1D67FE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{80FD4542-6BA3-466F-875D-9E6A59422A2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83964453-05DC-4E97-B0FB-EFCCC1786C03}" = protocol=6 | dir=out | app=system |
"{88725923-1B49-4270-8A36-9CAE7CBA2195}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C2C335D-E484-4454-9C78-93D34E92671E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FBEA6EC-DF63-4052-BB76-FAFC32D2FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9446C022-AB19-4358-807D-077500B27B01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{945DBD58-489F-48A1-A512-6A64CD8CC04F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{961D3570-B770-43C6-8975-A1A3E70F3D4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{96867691-CDB2-4EFE-BF91-8C1E4BA2CBB5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{9A576023-0A25-42E8-A0A1-22327DD9063A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E599731-4FB4-4A82-A07A-0A8C52DF1597}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{A33E2E6E-335E-4E88-B1C0-C43C5D67F226}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{A645803C-63D4-4BAF-9266-89736561AEB4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{AE6A74AE-5B04-4BEA-B5C1-B6674395F8CF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe |
"{B1D058C0-69AA-43EE-A045-9C61C47BE12B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{B31E57E3-B793-43CC-9C14-6819B7963E7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B44D7052-2BC9-4DCA-9A48-AD2A3313402C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{B824FFB1-0800-41AA-863A-FE80216C9C0E}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{BEC7A533-5244-473B-8053-71D0D43F0658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C34ADF70-5ECB-4B40-92F9-5D60FF9E4CF9}" = protocol=58 | dir=in | app=system |
"{C8F642A1-BC45-4482-B6FB-D9D0AB5BF721}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9227157-9F7F-498D-9A53-9ED6987281C9}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"{D3094B04-D60D-4D7E-98EB-B8A9FF4DFC1F}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe |
"{D75EE4E1-7E6D-401C-8B42-E44D4CD50F46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E50B5288-B57A-4A57-99C2-B323E38002D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7E0B179-5592-488B-84A8-67AD21C77A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EF96C670-F0C1-44FA-BF72-69F617E87C8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{EFF7E4B4-D33A-49A8-847D-8FAD675FF8F2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{F17331D5-BD70-4B47-B115-BFB3A91CD8A8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{FB991AB3-1D6E-443D-AECB-322B05219B72}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe |
"TCP Query User{A06DD0BA-C5B3-4523-8030-58D9916EC636}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"TCP Query User{C3AD5C19-9C06-44C3-A3DD-8122D47CFA4C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{CDA60A4F-5E6B-4523-9A5B-2B74B24A9269}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"UDP Query User{070D247C-2BAF-4F16-85BB-FA87BC84668D}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"UDP Query User{9D24AAFF-712A-4007-A518-FF9A140AB370}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{BC37443F-608A-41DF-BCC8-73C51B575769}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BA8381A-F47A-0A1A-8CDC-9EED42CBF73A}" = AMD Media Foundation Decoders
"{328EAC95-9299-BF47-BDBE-83F94AE07D71}" = AMD Drag and Drop Transcoding
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A762DDE6-D6AC-ECDC-DFBE-E35A0FCFB0AD}" = AMD Fuel
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5CFDA3B-64EC-21EE-6652-0E9AFC41FF8F}" = ccc-utility64
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FC655E43-0E90-4FAC-AF88-7CF8635C6ADC}" = AllShare Framework DMS
"8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B9D184-F3C5-48B2-6DBA-56D5DCD85E97}" = CCC Help Chinese Traditional
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{062BC4B4-891A-C58D-B335-7A6358BB438C}" = CCC Help English
"{0E4545D7-2B4B-1EF1-505E-1B9E512980F1}" = CCC Help Portuguese
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{15DA32B6-4726-AABE-E3BD-761DA0DE4132}" = CCC Help Norwegian
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2764C49D-4BFD-A240-F64D-E11AF855C714}" = CCC Help Swedish
"{29E21CFC-5DEE-6441-AD4A-C15655BFC146}" = CCC Help Chinese Standard
"{2C03DD9D-D28B-9D33-22DA-AB1C007B8412}" = CCC Help Spanish
"{2DE1BCDB-48F7-723F-1DF0-FAB7B4184CE4}" = CCC Help Danish
"{2FF505C2-318E-7B51-FA77-51B9E6F0677D}" = CCC Help Czech
"{30E02033-8A23-ABF8-474C-1CD0C7504659}" = CCC Help French
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43BAB72A-5430-FD3B-ADBD-02105E4AEE03}" = CCC Help Thai
"{492B292A-8A5E-EE0D-5EAA-B303CCB1F14D}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B487EAF-EC47-EDEF-599B-CA45F17DD5D0}" = Catalyst Control Center Graphics Previews Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{59FB5F5C-B127-D725-72CF-D8ECEF40163D}" = CCC Help Finnish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFCEE0F-17DA-93D0-65EE-C280DA539FFD}" = CCC Help Korean
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78482808-3AE8-5650-52AD-2E73D0C6BB43}" = Catalyst Control Center Localization All
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A60C5BE1-9644-01E7-5E8A-5F0318D268C6}" = AMD VISION Engine Control Center
"{A9674831-B5FC-32DA-D7F7-067DB3FC36C8}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B24A294A-5BA2-E73D-2064-80BB7A940102}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BECC92A2-F74A-9003-214D-7F2B059B61D1}" = CCC Help Turkish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1953F1B-F323-B5BC-4513-BC82EFED21DD}" = CCC Help Dutch
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DDB9AF26-1CA1-99F6-A3E5-3D76D6D45BE7}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA217A-9661-02A8-E259-A2702CBD8C40}" = CCC Help German
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EBD2E918-2C91-A25B-DFA8-E9E96673061D}" = CCC Help Russian
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F950EC87-8370-F6BC-4996-1C2A0B486E5F}" = CCC Help Hungarian
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 3.0.1
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"ST6UNST #1" = Meister-Trainer
"ST6UNST #2" = Meister-Trainer (C:\Program Files (x86)\Meister\)
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 205190" = Rocksmith
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"RIFT" = RIFT
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.06.2013 05:47:53 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 23.06.2013 05:47:53 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description =
Error - 23.06.2013 05:48:26 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description =
< End of report >
OTL: Code:
ATTFilter OTL logfile created on: 23.06.2013 13:43:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,11% Memory free 7,99 Gb Paging File | 6,01 Gb Available in Paging File | 75,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 67,77 Gb Free Space | 45,47% Space Free | Partition Type: NTFS Drive D: | 427,59 Gb Total Space | 346,34 Gb Free Space | 81,00% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe PRC - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.03 14:24:46 | 000,755,080 | ---- | M] (Samsung) -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013.04.06 12:29:45 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.08.08 21:52:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2013.06.12 21:10:17 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.05.15 22:19:11 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013.05.15 22:18:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013.05.15 22:18:42 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll MOD - [2013.05.15 22:18:33 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013.05.15 22:18:29 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013.04.06 12:29:55 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2013.04.06 12:29:55 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2013.04.06 12:29:55 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2013.04.06 12:29:55 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2013.04.06 12:29:55 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2013.04.06 12:29:55 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2013.04.06 12:29:55 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2013.04.06 12:29:55 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2013.04.06 12:29:55 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2013.04.06 12:29:54 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll MOD - [2013.04.06 12:29:54 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2013.04.06 12:29:54 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2013.02.16 16:16:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.01.10 14:52:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 14:51:59 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.09 22:19:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.09 22:19:53 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.09 22:19:44 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 21:10:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 20:12:12 | 000,605,768 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Running] -- C:\Programme\Samsung\Samsung Link\Samsung Link Service.exe -- (Samsung Link Service) SRV - [2013.05.03 14:25:36 | 000,405,896 | ---- | M] (Samsung) [Auto | Running] -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS) SRV - [2012.09.19 12:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.05.09 07:00:07 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 07:00:07 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2006.12.13 13:13:00 | 000,124,856 | ---- | M] (Eutron) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eusk3usb-amd64.sys -- (eusk3usb) DRV:64bit: - [2006.12.13 13:10:00 | 000,042,816 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par) DRV - [2013.04.18 12:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 DC DD 16 5C A2 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{1ECEC699-83A8-41A3-8984-FE428572C7C1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\samsung.com/AllSharePlayPCPlugin: C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.05.08 19:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions [2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions [2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f} [2013.05.18 22:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yrdsoke5.default\extensions [2013.06.22 22:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.27 22:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.05.27 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.27 22:47:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.06.22 12:05:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Samsung Link] C:\Programme\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EADM] D:\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Web-Suche - Reg Error: Value error. File not found O8 - Extra context menu item: Web-Suche - Reg Error: Value error. File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A4FB85-D5F7-4553-BA6B-0F5DC230FCB9}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2E411D-6F89-4A3A-A607-EB9CDD0FC578}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.23 13:41:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.22 22:25:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.22 22:25:06 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.22 22:23:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe [2013.06.22 22:06:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.22 11:53:20 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.22 11:48:43 | 000,000,000 | --SD | C] -- C:\Users\Basti\Documents\ComboFix [2013.06.22 11:43:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.22 11:43:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.22 11:43:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.22 11:43:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.22 11:42:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.22 11:39:24 | 005,082,201 | R--- | C] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe [2013.06.21 21:57:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2013.06.19 19:34:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\techland [2013.06.15 18:05:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.15 18:05:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.12 21:36:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.12 21:36:10 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.12 21:36:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.12 21:36:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.12 21:36:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.12 21:36:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.12 21:36:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.12 21:36:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.12 21:36:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.12 21:36:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.12 21:36:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.12 21:36:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.12 21:36:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 20:50:57 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 20:50:57 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 20:50:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.12 20:50:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.12 20:50:38 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.12 20:50:31 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 20:50:30 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 20:50:30 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 20:50:29 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 20:50:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 20:50:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.12 20:49:51 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.12 20:49:51 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.07 00:04:51 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\The Creative Assembly [2013.05.27 22:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.27 06:44:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meister-Trainer [2013.05.27 06:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Meister [2013.05.27 06:43:47 | 000,294,912 | ---- | C] (rpwSoft) -- C:\Windows\Setup1.exe [2013.05.27 06:43:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE ========== Files - Modified Within 30 Days ========== [2013.06.23 13:40:20 | 000,165,376 | ---- | M] () -- C:\Users\Basti\Desktop\SystemLook_x64.exe [2013.06.23 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.23 11:56:38 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.23 11:56:38 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.23 11:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.23 11:47:39 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys [2013.06.22 22:23:52 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe [2013.06.22 22:14:30 | 000,648,201 | ---- | M] () -- C:\Users\Basti\Desktop\adwcleaner.exe [2013.06.22 12:05:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.22 11:39:29 | 005,082,201 | R--- | M] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe [2013.06.21 22:44:19 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable [2013.06.21 22:04:11 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe [2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2013.06.21 21:55:58 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe [2013.06.21 20:50:51 | 000,000,004 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\skype.ini [2013.06.21 20:46:53 | 017,371,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.21 20:46:53 | 000,735,468 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013.06.21 20:46:53 | 000,735,312 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2013.06.21 20:46:53 | 000,733,182 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013.06.21 20:46:53 | 000,730,006 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013.06.21 20:46:53 | 000,730,004 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013.06.21 20:46:53 | 000,719,004 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2013.06.21 20:46:53 | 000,714,536 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2013.06.21 20:46:53 | 000,703,792 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2013.06.21 20:46:53 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.21 20:46:53 | 000,673,490 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2013.06.21 20:46:53 | 000,658,508 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat [2013.06.21 20:46:53 | 000,653,752 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat [2013.06.21 20:46:53 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.21 20:46:53 | 000,646,766 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat [2013.06.21 20:46:53 | 000,596,688 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2013.06.21 20:46:53 | 000,499,310 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2013.06.21 20:46:53 | 000,484,586 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2013.06.21 20:46:53 | 000,471,450 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat [2013.06.21 20:46:53 | 000,469,230 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat [2013.06.21 20:46:53 | 000,419,388 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat [2013.06.21 20:46:53 | 000,407,794 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat [2013.06.21 20:46:53 | 000,392,220 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2013.06.21 20:46:53 | 000,382,796 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2013.06.21 20:46:53 | 000,375,118 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat [2013.06.21 20:46:53 | 000,170,082 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2013.06.21 20:46:53 | 000,157,422 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2013.06.21 20:46:53 | 000,154,698 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013.06.21 20:46:53 | 000,152,014 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013.06.21 20:46:53 | 000,151,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2013.06.21 20:46:53 | 000,149,578 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2013.06.21 20:46:53 | 000,148,390 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013.06.21 20:46:53 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.21 20:46:53 | 000,146,578 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2013.06.21 20:46:53 | 000,145,886 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013.06.21 20:46:53 | 000,141,572 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat [2013.06.21 20:46:53 | 000,140,194 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat [2013.06.21 20:46:53 | 000,138,976 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat [2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat [2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.21 20:46:53 | 000,119,580 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat [2013.06.21 20:46:53 | 000,119,152 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat [2013.06.21 20:46:53 | 000,114,238 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2013.06.21 20:46:53 | 000,110,090 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2013.06.21 20:46:53 | 000,100,230 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat [2013.06.21 20:46:53 | 000,097,570 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2013.06.21 20:46:53 | 000,094,380 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [2013.06.21 20:46:53 | 000,093,888 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat [2013.06.21 20:46:53 | 000,083,998 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2013.06.12 21:10:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 21:10:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.27 06:45:00 | 000,294,912 | ---- | M] (rpwSoft) -- C:\Windows\Setup1.exe [2013.05.27 06:44:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE ========== Files Created - No Company Name ========== [2013.06.23 13:40:20 | 000,165,376 | ---- | C] () -- C:\Users\Basti\Desktop\SystemLook_x64.exe [2013.06.22 22:14:30 | 000,648,201 | ---- | C] () -- C:\Users\Basti\Desktop\adwcleaner.exe [2013.06.22 11:43:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.22 11:43:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.22 11:43:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.22 11:43:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.22 11:43:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.21 22:44:19 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable [2013.06.21 22:04:11 | 000,377,856 | ---- | C] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe [2013.06.21 21:55:58 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe [2013.06.20 18:42:26 | 000,000,004 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\skype.ini [2013.05.17 23:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI [2013.05.04 13:27:28 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.05.04 13:27:28 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.04.19 16:38:54 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll [2013.04.19 16:37:54 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll [2013.04.15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll [2013.04.15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll [2013.04.15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll [2013.04.15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll [2013.04.15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll [2013.04.15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.07.09 23:20:37 | 000,000,839 | ---- | C] () -- C:\Windows\wininit.ini [2012.04.19 21:49:45 | 017,032,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.12 20:48:12 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\LCNIMP6.DLL [2012.02.12 20:43:20 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2012.02.12 20:43:12 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\c1sizerppg.dll [2012.02.02 19:44:09 | 000,032,529 | ---- | C] () -- C:\Users\Basti\rift_gamecard_30_days_89235554_Q4SKHBGD.jpg [2011.11.14 19:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
23.06.2013, 13:51
| #8 |
| | erneuter GVU Angriff! Systemlook: Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 14:33 on 23/06/2013 by Basti
Administrator - Elevation successful
========== filefind ==========
Searching for "*babylon*"
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon.css --a---- 1668 bytes [20:58 18/11/2011] [20:58 18/11/2011] 0A601A75B0BFA02C4090D4B9F859BD24
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon.html --a---- 622 bytes [20:58 18/11/2011] [20:58 18/11/2011] A7E16D933D279B4DC8E3733FD0AFD0A5
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon.zip --a---- 55774 bytes [20:58 18/11/2011] [20:58 18/11/2011] BC002070760FB7FD224A3320D6954062
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon1.js --a---- 9945 bytes [20:58 18/11/2011] [20:58 18/11/2011] 13DE816629F3C10C206AE08BC55BAAB9
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\Content_Babylon_skinID.JPG --a---- 11918 bytes [20:58 18/11/2011] [20:58 18/11/2011] EFDFE6FAAEBB2C43E95B5BEB54036D50
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\resources\de-de\babylon_feed.dtd --a---- 1418 bytes [20:58 18/11/2011] [20:58 18/11/2011] D98A9606F50A8A95DE6744761F1FB3E0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] 97BAF567CCC7F61B07ABF28ECBA20DB3
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] F18D44F6225D9B7A0B08A4762B1EF4E6
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip --a---- 611 bytes [21:20 09/07/2012] [21:20 09/07/2012] 4413BFA945E71C500A43146E20C9B6DF
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar100.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9210D5B10EB3E9E2387ACF946682DAC8
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar101.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 763BA779C35E09D74E5B66FB2508FDBA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar102.zip --a---- 576 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6A15F0D0549B35D6F652FE8657600C2F
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar103.zip --a---- 505 bytes [21:20 09/07/2012] [21:20 09/07/2012] B0B37E92EBA840AFED207C438FA423AD
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar104.zip --a---- 316 bytes [17:38 20/06/2013] [17:38 20/06/2013] 7652C9AE0A4A88F7405C17AD06F3CD2C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar105.zip --a---- 2428 bytes [17:38 20/06/2013] [17:38 20/06/2013] 7B92CEAEC921A261CD026BCDC5381C1C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar106.zip --a---- 500 bytes [17:38 20/06/2013] [17:38 20/06/2013] FFB548166470D58C8D96CB3460076AD9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar107.zip --a---- 575 bytes [17:38 20/06/2013] [17:38 20/06/2013] A02DED685AC418BA85CFA90FAD97A577
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip --a---- 608 bytes [21:20 09/07/2012] [21:20 09/07/2012] F92BAA05674B34C615506FEAA89C31BA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip --a---- 564 bytes [21:20 09/07/2012] [21:20 09/07/2012] D78104CDF17FFCEFD16B2DFC2779133C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 730AA341E87E620E06EEC2D828BBC9C9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] FBE3DE98A672E6A52FA256E23E9DB119
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 4EA6DFBC5D6AF85D44EBB2706C81AE28
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0D7E0203A8F0BAF27FF488291B1222D7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip --a---- 621 bytes [21:20 09/07/2012] [21:20 09/07/2012] 7F814E9DDB1D74E042A4312058B2043B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip --a---- 568 bytes [21:20 09/07/2012] [21:20 09/07/2012] EE432E895F3DB5EF62D290A5C45DC0C8
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 05C6F0368492439D021036E35B5816B6
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip --a---- 741 bytes [21:20 09/07/2012] [21:20 09/07/2012] E6317D4F4183FB44C859790A4D66D6C4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] 13FBB150456F09BB52EDB4E21A2D2768
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip --a---- 622 bytes [21:20 09/07/2012] [21:20 09/07/2012] F7C37FA160D4BBFA1012A9FB313DBF63
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip --a---- 568 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2D862300610F40091160CC9BCEF99573
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] AE8968D84DF6843334D730E318037A8B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip --a---- 568 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2F2DD5B1102432999B0E568795054DF5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip --a---- 622 bytes [21:20 09/07/2012] [21:20 09/07/2012] 634F4FF0E14B64F0D953AE82E9049B2C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] B9177600C5ADF51264C165C82A66907E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2FB1BF609E0C673220A90B1AE212A44E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9D8065EB8A63AA97E4EAFBE56233239C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip --a---- 621 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9156972869ACDC746C003F5BA6B8D09E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip --a---- 1082456 bytes [21:20 09/07/2012] [21:20 09/07/2012] A50FB3E675F7AE754C3A70C40389E2B4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip --a---- 567 bytes [21:20 09/07/2012] [21:20 09/07/2012] 35A088DF72037DD992A377DFD28D7FC9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2049EB454B70DFD5A5F8036006E8856A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip --a---- 567 bytes [21:20 09/07/2012] [21:20 09/07/2012] B46373F8B8AD3F3679EA63FA50D45FEB
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 4D2C9A15DB8473FB1F13E3CF0F150BB4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6E9372755461D808BA1AD9EE8FAEC224
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip --a---- 622 bytes [21:20 09/07/2012] [21:20 09/07/2012] C7045B33AEA6A4697BBEB8B27A1D0B76
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] 860B7B647DD7B2B8B02B4357AA7F486B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 967F8BD6220C6B13CFE54A54FCE8C2E0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] CE24BFA6E2CBFE3DC05163EE5011188C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 48A856E1E0C209FB619AB6DA4AFE1FE3
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip --a---- 767 bytes [21:20 09/07/2012] [21:20 09/07/2012] 03C9D15171D5B527D430B85E219484DA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip --a---- 549 bytes [21:20 09/07/2012] [21:20 09/07/2012] C2E1D6C2611FCF754084E2C893FF8855
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip --a---- 615 bytes [21:20 09/07/2012] [21:20 09/07/2012] 8512121E61A53721EEBFF10D4C7E3E0A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip --a---- 549 bytes [21:20 09/07/2012] [21:20 09/07/2012] 901CA3AFF91123ED44FB1260D74663EE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] 1C53E687A28217BC042EED85541ECD2B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] CB5DDE048AB7B0924E33FB3727B84578
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0BD3DDA8810D9BD8BC4A3201E78FD012
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip --a---- 659 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9CD2DDEC5BFEA797F8F9F9C24A6198EA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip --a---- 705 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9A4232CF37314012C5C10CB0E38473F0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip --a---- 627 bytes [21:20 09/07/2012] [21:20 09/07/2012] 821CC330CAEFCD605BD03262F8984273
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip --a---- 540 bytes [21:20 09/07/2012] [21:20 09/07/2012] D57CA7D9AD8B699F2DD6FB01EF8FB9AE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip --a---- 765 bytes [21:20 09/07/2012] [21:20 09/07/2012] 518468592BB857F5E99CBB8027AA9BA4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip --a---- 543 bytes [21:20 09/07/2012] [21:20 09/07/2012] FFB93E6FA76AE29149C063B3A94F39CB
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip --a---- 578 bytes [21:20 09/07/2012] [21:20 09/07/2012] 7AF233DA81ED40B7F11A84DEB481719A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar52.zip --a---- 596 bytes [21:20 09/07/2012] [21:20 09/07/2012] DD67586C7F394BA281063DF850F61F57
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar53.zip --a---- 592 bytes [21:20 09/07/2012] [21:20 09/07/2012] 928F1E728EF4D7CC91B9DE2FB8A10D95
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar54.zip --a---- 541 bytes [21:20 09/07/2012] [21:20 09/07/2012] C4EC51C760271CE274C62925B819884E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar55.zip --a---- 577 bytes [21:20 09/07/2012] [21:20 09/07/2012] 559820C573C2CD2B717A44350C72398B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar56.zip --a---- 592 bytes [21:20 09/07/2012] [21:20 09/07/2012] 7421AD5CFBAA2822610DFB5C5DFCE3C5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar57.zip --a---- 546 bytes [21:20 09/07/2012] [21:20 09/07/2012] B21A3D496FC3C9A90EC8D4DE5CA6FA13
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar58.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] D76007E806A5A8C5715E46856ADE2A87
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar59.zip --a---- 637 bytes [21:20 09/07/2012] [21:20 09/07/2012] AAA2CFEE7B2795122986CE7F0E24D511
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6D014BBD2A9A4F75CDDC7861BE7C3821
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar60.zip --a---- 598 bytes [21:20 09/07/2012] [21:20 09/07/2012] B4490B94222811DD5F468138934DB057
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar61.zip --a---- 593 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2630769868B189B17B9230EE79654393
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar62.zip --a---- 315 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9EC2C116258F922AADC52DC9B189C8C4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar63.zip --a---- 2090 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6402D45B58287294819BBEE222B9D0D1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar64.zip --a---- 3896213 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2E73C9C6B0AF5878350819647B4B8A6D
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar65.zip --a---- 496 bytes [21:20 09/07/2012] [21:20 09/07/2012] E5C057BEF8D3BCD3B4533A7D755FFB40
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar66.zip --a---- 693 bytes [21:20 09/07/2012] [21:20 09/07/2012] D8BC20A1695A2EDA1098D429019DE174
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip --a---- 542 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9ED86B736D143314967FCA2989C7AEB6
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar68.zip --a---- 545 bytes [21:20 09/07/2012] [21:20 09/07/2012] F89FDAE0639297485379A0417063B00D
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar69.zip --a---- 577 bytes [21:20 09/07/2012] [21:20 09/07/2012] E518A0FDACFABF6B8908646560508C87
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip --a---- 615 bytes [21:20 09/07/2012] [21:20 09/07/2012] 14DDB9BCF745E2763022903F054539F2
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip --a---- 596 bytes [21:20 09/07/2012] [21:20 09/07/2012] 45E9942306D46C549645D21B2D410CF9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar71.zip --a---- 592 bytes [21:20 09/07/2012] [21:20 09/07/2012] CAAF183764794DBFCAD3D3B58B2F32A7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip --a---- 564 bytes [21:20 09/07/2012] [21:20 09/07/2012] 5CAE34E8DC2CC64C8C3F9CB726EC0DE1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar73.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 397A2A4EC23231EB525D9CEB06596618
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar74.zip --a---- 540 bytes [21:20 09/07/2012] [21:20 09/07/2012] 12306E2DFB73FD20C9537ED8FFF93389
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar75.zip --a---- 543 bytes [21:20 09/07/2012] [21:20 09/07/2012] 125497550E368486A302C548983C4602
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar76.zip --a---- 576 bytes [21:20 09/07/2012] [21:20 09/07/2012] AAC97B0EC2F2AD577DE57066CB6B5598
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar77.zip --a---- 593 bytes [21:20 09/07/2012] [21:20 09/07/2012] FEC194EBA9AE3FAA7BEFC13BD296D568
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar78.zip --a---- 590 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6FF42E045F8D25276AF3D5A846A24310
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar79.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9910314F5332C8BD709DDE2704D2E808
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip --a---- 607 bytes [21:20 09/07/2012] [21:20 09/07/2012] 004FB65F049C95BE677742F66BA62D6B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar80.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] A7D88163A19E9881A3E422E8CFF1E631
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar81.zip --a---- 547 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6197F59C2827DD92794E8BE499EFD72B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar82.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] F657289FA96EB6774A7B06387DFFD597
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar83.zip --a---- 578 bytes [21:20 09/07/2012] [21:20 09/07/2012] CA8CD3EA2C15D26C85007F5352732CD7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar84.zip --a---- 598 bytes [21:20 09/07/2012] [21:20 09/07/2012] 47C7E323A8716371424498C71084A582
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar85.zip --a---- 594 bytes [21:20 09/07/2012] [21:20 09/07/2012] BFD4F66B6253F0925AD5FA096AF03EE0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar86.zip --a---- 549 bytes [21:20 09/07/2012] [21:20 09/07/2012] FB431D9C575F7F1835CC448FA6D754FC
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar87.zip --a---- 615 bytes [21:20 09/07/2012] [21:20 09/07/2012] B7EBD53FDF5F5F3D25ADA4D6B3BC23EA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar88.zip --a---- 563 bytes [21:20 09/07/2012] [21:20 09/07/2012] A667DBA1512B1971D9021EE268206AA1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar89.zip --a---- 621 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0792F7F592330D26FC1C1ECE8D9D6762
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip --a---- 610 bytes [21:20 09/07/2012] [21:20 09/07/2012] A7A20419045D3F1BFD544E976C2CA393
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar90.zip --a---- 550 bytes [21:20 09/07/2012] [21:20 09/07/2012] 08C208B20BDCC98A1377F309742AD5D5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar91.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 618095F66BE82CE2B8AAAEFE78D08CF2
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar92.zip --a---- 560 bytes [21:20 09/07/2012] [21:20 09/07/2012] AEB9F4A0D5F3B7256AEBC73782CC2D69
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar93.zip --a---- 616 bytes [21:20 09/07/2012] [21:20 09/07/2012] CF2B638F38EE89C949B72BE829B41728
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar94.zip --a---- 550 bytes [21:20 09/07/2012] [21:20 09/07/2012] C1C3A8AE419E39E155CA2AD7EB09D564
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar95.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0DBE196EF819C15A75E59816C4328D1B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar96.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2A540DDB56AF7F9D4CDFF407961B236E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar97.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 63FD36584F4DB4F27FC16DDDDA86C58E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar98.zip --a---- 564 bytes [21:20 09/07/2012] [21:20 09/07/2012] 760F00F1AEB8C54C212C3E9354E11F58
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar99.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] 49E6CE20D8AE007462CECC174C2AF1A9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] 97BAF567CCC7F61B07ABF28ECBA20DB3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] F18D44F6225D9B7A0B08A4762B1EF4E6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip --a---- 611 bytes [21:20 09/07/2012] [21:20 09/07/2012] 4413BFA945E71C500A43146E20C9B6DF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar100.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9210D5B10EB3E9E2387ACF946682DAC8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar101.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 763BA779C35E09D74E5B66FB2508FDBA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar102.zip --a---- 576 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6A15F0D0549B35D6F652FE8657600C2F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar103.zip --a---- 505 bytes [21:20 09/07/2012] [21:20 09/07/2012] B0B37E92EBA840AFED207C438FA423AD
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar104.zip --a---- 316 bytes [17:38 20/06/2013] [17:38 20/06/2013] 7652C9AE0A4A88F7405C17AD06F3CD2C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar105.zip --a---- 2428 bytes [17:38 20/06/2013] [17:38 20/06/2013] 7B92CEAEC921A261CD026BCDC5381C1C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar106.zip --a---- 500 bytes [17:38 20/06/2013] [17:38 20/06/2013] FFB548166470D58C8D96CB3460076AD9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar107.zip --a---- 575 bytes [17:38 20/06/2013] [17:38 20/06/2013] A02DED685AC418BA85CFA90FAD97A577
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip --a---- 608 bytes [21:20 09/07/2012] [21:20 09/07/2012] F92BAA05674B34C615506FEAA89C31BA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip --a---- 564 bytes [21:20 09/07/2012] [21:20 09/07/2012] D78104CDF17FFCEFD16B2DFC2779133C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 730AA341E87E620E06EEC2D828BBC9C9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] FBE3DE98A672E6A52FA256E23E9DB119
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 4EA6DFBC5D6AF85D44EBB2706C81AE28
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0D7E0203A8F0BAF27FF488291B1222D7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip --a---- 621 bytes [21:20 09/07/2012] [21:20 09/07/2012] 7F814E9DDB1D74E042A4312058B2043B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip --a---- 568 bytes [21:20 09/07/2012] [21:20 09/07/2012] EE432E895F3DB5EF62D290A5C45DC0C8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 05C6F0368492439D021036E35B5816B6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip --a---- 741 bytes [21:20 09/07/2012] [21:20 09/07/2012] E6317D4F4183FB44C859790A4D66D6C4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] 13FBB150456F09BB52EDB4E21A2D2768
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip --a---- 622 bytes [21:20 09/07/2012] [21:20 09/07/2012] F7C37FA160D4BBFA1012A9FB313DBF63
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip --a---- 568 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2D862300610F40091160CC9BCEF99573
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] AE8968D84DF6843334D730E318037A8B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip --a---- 568 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2F2DD5B1102432999B0E568795054DF5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip --a---- 622 bytes [21:20 09/07/2012] [21:20 09/07/2012] 634F4FF0E14B64F0D953AE82E9049B2C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] B9177600C5ADF51264C165C82A66907E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2FB1BF609E0C673220A90B1AE212A44E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9D8065EB8A63AA97E4EAFBE56233239C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip --a---- 621 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9156972869ACDC746C003F5BA6B8D09E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip --a---- 1082456 bytes [21:20 09/07/2012] [21:20 09/07/2012] A50FB3E675F7AE754C3A70C40389E2B4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip --a---- 567 bytes [21:20 09/07/2012] [21:20 09/07/2012] 35A088DF72037DD992A377DFD28D7FC9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2049EB454B70DFD5A5F8036006E8856A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip --a---- 567 bytes [21:20 09/07/2012] [21:20 09/07/2012] B46373F8B8AD3F3679EA63FA50D45FEB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 4D2C9A15DB8473FB1F13E3CF0F150BB4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6E9372755461D808BA1AD9EE8FAEC224
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip --a---- 622 bytes [21:20 09/07/2012] [21:20 09/07/2012] C7045B33AEA6A4697BBEB8B27A1D0B76
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip --a---- 565 bytes [21:20 09/07/2012] [21:20 09/07/2012] 860B7B647DD7B2B8B02B4357AA7F486B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 967F8BD6220C6B13CFE54A54FCE8C2E0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] CE24BFA6E2CBFE3DC05163EE5011188C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 48A856E1E0C209FB619AB6DA4AFE1FE3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip --a---- 767 bytes [21:20 09/07/2012] [21:20 09/07/2012] 03C9D15171D5B527D430B85E219484DA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip --a---- 549 bytes [21:20 09/07/2012] [21:20 09/07/2012] C2E1D6C2611FCF754084E2C893FF8855
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip --a---- 615 bytes [21:20 09/07/2012] [21:20 09/07/2012] 8512121E61A53721EEBFF10D4C7E3E0A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip --a---- 549 bytes [21:20 09/07/2012] [21:20 09/07/2012] 901CA3AFF91123ED44FB1260D74663EE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] 1C53E687A28217BC042EED85541ECD2B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] CB5DDE048AB7B0924E33FB3727B84578
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0BD3DDA8810D9BD8BC4A3201E78FD012
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip --a---- 659 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9CD2DDEC5BFEA797F8F9F9C24A6198EA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip --a---- 705 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9A4232CF37314012C5C10CB0E38473F0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip --a---- 627 bytes [21:20 09/07/2012] [21:20 09/07/2012] 821CC330CAEFCD605BD03262F8984273
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip --a---- 540 bytes [21:20 09/07/2012] [21:20 09/07/2012] D57CA7D9AD8B699F2DD6FB01EF8FB9AE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip --a---- 765 bytes [21:20 09/07/2012] [21:20 09/07/2012] 518468592BB857F5E99CBB8027AA9BA4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip --a---- 543 bytes [21:20 09/07/2012] [21:20 09/07/2012] FFB93E6FA76AE29149C063B3A94F39CB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip --a---- 578 bytes [21:20 09/07/2012] [21:20 09/07/2012] 7AF233DA81ED40B7F11A84DEB481719A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar52.zip --a---- 596 bytes [21:20 09/07/2012] [21:20 09/07/2012] DD67586C7F394BA281063DF850F61F57
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar53.zip --a---- 592 bytes [21:20 09/07/2012] [21:20 09/07/2012] 928F1E728EF4D7CC91B9DE2FB8A10D95
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar54.zip --a---- 541 bytes [21:20 09/07/2012] [21:20 09/07/2012] C4EC51C760271CE274C62925B819884E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar55.zip --a---- 577 bytes [21:20 09/07/2012] [21:20 09/07/2012] 559820C573C2CD2B717A44350C72398B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar56.zip --a---- 592 bytes [21:20 09/07/2012] [21:20 09/07/2012] 7421AD5CFBAA2822610DFB5C5DFCE3C5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar57.zip --a---- 546 bytes [21:20 09/07/2012] [21:20 09/07/2012] B21A3D496FC3C9A90EC8D4DE5CA6FA13
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar58.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] D76007E806A5A8C5715E46856ADE2A87
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar59.zip --a---- 637 bytes [21:20 09/07/2012] [21:20 09/07/2012] AAA2CFEE7B2795122986CE7F0E24D511
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip --a---- 618 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6D014BBD2A9A4F75CDDC7861BE7C3821
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar60.zip --a---- 598 bytes [21:20 09/07/2012] [21:20 09/07/2012] B4490B94222811DD5F468138934DB057
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar61.zip --a---- 593 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2630769868B189B17B9230EE79654393
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar62.zip --a---- 315 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9EC2C116258F922AADC52DC9B189C8C4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar63.zip --a---- 2090 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6402D45B58287294819BBEE222B9D0D1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar64.zip --a---- 3896213 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2E73C9C6B0AF5878350819647B4B8A6D
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar65.zip --a---- 496 bytes [21:20 09/07/2012] [21:20 09/07/2012] E5C057BEF8D3BCD3B4533A7D755FFB40
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar66.zip --a---- 693 bytes [21:20 09/07/2012] [21:20 09/07/2012] D8BC20A1695A2EDA1098D429019DE174
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip --a---- 542 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9ED86B736D143314967FCA2989C7AEB6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar68.zip --a---- 545 bytes [21:20 09/07/2012] [21:20 09/07/2012] F89FDAE0639297485379A0417063B00D
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar69.zip --a---- 577 bytes [21:20 09/07/2012] [21:20 09/07/2012] E518A0FDACFABF6B8908646560508C87
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip --a---- 615 bytes [21:20 09/07/2012] [21:20 09/07/2012] 14DDB9BCF745E2763022903F054539F2
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip --a---- 596 bytes [21:20 09/07/2012] [21:20 09/07/2012] 45E9942306D46C549645D21B2D410CF9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar71.zip --a---- 592 bytes [21:20 09/07/2012] [21:20 09/07/2012] CAAF183764794DBFCAD3D3B58B2F32A7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip --a---- 564 bytes [21:20 09/07/2012] [21:20 09/07/2012] 5CAE34E8DC2CC64C8C3F9CB726EC0DE1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar73.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 397A2A4EC23231EB525D9CEB06596618
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar74.zip --a---- 540 bytes [21:20 09/07/2012] [21:20 09/07/2012] 12306E2DFB73FD20C9537ED8FFF93389
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar75.zip --a---- 543 bytes [21:20 09/07/2012] [21:20 09/07/2012] 125497550E368486A302C548983C4602
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar76.zip --a---- 576 bytes [21:20 09/07/2012] [21:20 09/07/2012] AAC97B0EC2F2AD577DE57066CB6B5598
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar77.zip --a---- 593 bytes [21:20 09/07/2012] [21:20 09/07/2012] FEC194EBA9AE3FAA7BEFC13BD296D568
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar78.zip --a---- 590 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6FF42E045F8D25276AF3D5A846A24310
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar79.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] 9910314F5332C8BD709DDE2704D2E808
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip --a---- 607 bytes [21:20 09/07/2012] [21:20 09/07/2012] 004FB65F049C95BE677742F66BA62D6B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar80.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] A7D88163A19E9881A3E422E8CFF1E631
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar81.zip --a---- 547 bytes [21:20 09/07/2012] [21:20 09/07/2012] 6197F59C2827DD92794E8BE499EFD72B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar82.zip --a---- 551 bytes [21:20 09/07/2012] [21:20 09/07/2012] F657289FA96EB6774A7B06387DFFD597
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar83.zip --a---- 578 bytes [21:20 09/07/2012] [21:20 09/07/2012] CA8CD3EA2C15D26C85007F5352732CD7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar84.zip --a---- 598 bytes [21:20 09/07/2012] [21:20 09/07/2012] 47C7E323A8716371424498C71084A582
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar85.zip --a---- 594 bytes [21:20 09/07/2012] [21:20 09/07/2012] BFD4F66B6253F0925AD5FA096AF03EE0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar86.zip --a---- 549 bytes [21:20 09/07/2012] [21:20 09/07/2012] FB431D9C575F7F1835CC448FA6D754FC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar87.zip --a---- 615 bytes [21:20 09/07/2012] [21:20 09/07/2012] B7EBD53FDF5F5F3D25ADA4D6B3BC23EA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar88.zip --a---- 563 bytes [21:20 09/07/2012] [21:20 09/07/2012] A667DBA1512B1971D9021EE268206AA1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar89.zip --a---- 621 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0792F7F592330D26FC1C1ECE8D9D6762
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip --a---- 610 bytes [21:20 09/07/2012] [21:20 09/07/2012] A7A20419045D3F1BFD544E976C2CA393
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar90.zip --a---- 550 bytes [21:20 09/07/2012] [21:20 09/07/2012] 08C208B20BDCC98A1377F309742AD5D5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar91.zip --a---- 619 bytes [21:20 09/07/2012] [21:20 09/07/2012] 618095F66BE82CE2B8AAAEFE78D08CF2
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar92.zip --a---- 560 bytes [21:20 09/07/2012] [21:20 09/07/2012] AEB9F4A0D5F3B7256AEBC73782CC2D69
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar93.zip --a---- 616 bytes [21:20 09/07/2012] [21:20 09/07/2012] CF2B638F38EE89C949B72BE829B41728
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar94.zip --a---- 550 bytes [21:20 09/07/2012] [21:20 09/07/2012] C1C3A8AE419E39E155CA2AD7EB09D564
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar95.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] 0DBE196EF819C15A75E59816C4328D1B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar96.zip --a---- 566 bytes [21:20 09/07/2012] [21:20 09/07/2012] 2A540DDB56AF7F9D4CDFF407961B236E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar97.zip --a---- 620 bytes [21:20 09/07/2012] [21:20 09/07/2012] 63FD36584F4DB4F27FC16DDDDA86C58E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar98.zip --a---- 564 bytes [21:20 09/07/2012] [21:20 09/07/2012] 760F00F1AEB8C54C212C3E9354E11F58
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar99.zip --a---- 617 bytes [21:20 09/07/2012] [21:20 09/07/2012] 49E6CE20D8AE007462CECC174C2AF1A9
Searching for "*DVDVideoSoftTB*"
C:\Windows\Prefetch\DVDVIDEOSOFTTB_DETOOLBARHELPE-FFD752EE.pf --a---- 58746 bytes [11:48 19/05/2013] [16:34 20/06/2013] 5C9B693EE660526CDC409B006F8C833F
Searching for "*Optimizer Pro*"
No files found.
Searching for "*DomaIQ*"
No files found.
Searching for "*Conduit*"
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\components\ConduitAutoCompleteSearch.js --a---- 8641 bytes [17:42 14/11/2011] [17:42 14/11/2011] 467C3FEB6421FFDE5CD545B21DCD4696
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [17:42 14/11/2011] [17:42 14/11/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\searchplugin\conduit.xml --a---- 931 bytes [17:42 14/11/2011] [17:42 14/11/2011] 4327F0E7327C7855E4F0160BC77B9A75
Searching for "*facemoods*"
No files found.
Searching for "*PriceGong*"
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.pricegong.com%2Ffavicon.png --a---- 650 bytes [21:05 30/11/2012] [21:05 30/11/2012] 0ECFDCC49F935ACC585212CD8366A88D
Searching for "*eType*"
C:\Program Files\ATI\CIM\Config\PackageType.Dat --a---- 543 bytes [15:08 11/06/2007] [15:08 11/06/2007] D4300930295DB990807468E92F09FBA1
C:\Program Files (x86)\TuneUp Utilities 2013\data\ico_alpha_filetype_16x16.ico ------- 2550 bytes [19:29 30/11/2012] [13:00 25/09/2009] A19CAFAA0DA801AF200E45DAD6CBE6A9
C:\Program Files (x86)\TuneUp Utilities 2013\data\ico_alpha_filetype_16x16.png ------- 614 bytes [19:29 30/11/2012] [13:00 25/09/2009] FF858188473331C0F648ADFAD7FED268
C:\Program Files (x86)\TuneUp Utilities 2013\data\ico_alpha_FileType_32x32.png ------- 1008 bytes [19:29 30/11/2012] [13:00 25/09/2009] 1C39D56A1272E939B44613DA1112CFF3
C:\Program Files (x86)\TuneUp Utilities 2013\data\Integrator\images\panel5\style_filetypes.png ------- 614 bytes [19:29 30/11/2012] [13:00 25/09/2009] FF858188473331C0F648ADFAD7FED268
C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll --a---- 703488 bytes [00:13 13/12/2012] [00:13 13/12/2012] 54AB235486EF0272CCF495654FB45ED6
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fshop.gitarreundmehr.de%2FWebRoot%2FStoreTypes%2F6.14.3%2FStoreHosteurope%2Ffavicon.png --a---- 94 bytes [21:36 21/01/2013] [21:36 21/01/2013] 50B79913396099BAC454943B81E911FE
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.kostueme-guenstiger.de%2FWebRoot%2FStoreTypes%2F6.14.1%2FStrato%2Ffavicon.png --a---- 240 bytes [18:36 22/01/2013] [18:36 22/01/2013] 9848EAC453423932A0BE7B7AD20CF7B6
C:\Users\Basti\AppData\LocalLow\The Pok__mon Company International\Pokemon Trading Card Game Online\archetypes.bin --a---- 1007588 bytes [20:58 07/03/2013] [20:58 07/03/2013] 6F033D61FFEB444237FD346BB0CC2A41
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\mimeTypes.rdf --a---- 3772 bytes [15:17 18/05/2013] [15:17 18/05/2013] 4D8F0DE2E95E00ADDFB85962BB629484
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7600.17130_none_46cc128a0951a80d.manifest --a---- 6932 bytes [19:24 22/05/2013] [23:28 25/09/2012] 95C0E86DEAE4CBE26CC3032AEC36C249
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7600.21329_none_476983c1225f0d1c.manifest --a---- 6932 bytes [19:24 22/05/2013] [23:19 25/09/2012] 432B4E12E7D7F6D80441F8961DC1E480
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.17959_none_48a5fc16067ff9cf.manifest --a---- 6932 bytes [19:24 22/05/2013] [00:15 26/09/2012] 030A8501FC019497600F6282F67ABCDD
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.22118_none_4959b0691f7e43c0.manifest --a---- 6932 bytes [19:24 22/05/2013] [01:05 26/09/2012] CA6B0492D0D8AB67A2CDB7032287C286
C:\Windows\System32\PortableDeviceTypes.dll --a---- 219648 bytes [00:21 14/07/2009] [01:41 14/07/2009] 4F3CD1C59EA71401E155C432BCECE180
C:\Windows\System32\wbem\portabledevicetypes.mof --a---- 3490 bytes [21:07 10/06/2009] [21:07 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A
C:\Windows\SysWOW64\PortableDeviceTypes.dll --a---- 159744 bytes [00:06 14/07/2009] [01:16 14/07/2009] ADB45A977BD9E45790CA496DB84BA148
C:\Windows\SysWOW64\wbem\portabledevicetypes.mof --a---- 3490 bytes [21:46 10/06/2009] [21:46 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A
C:\Windows\winsxs\amd64_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_a926cbb502a97a6e\PortableDeviceTypes.dll --a---- 219648 bytes [00:21 14/07/2009] [01:41 14/07/2009] 4F3CD1C59EA71401E155C432BCECE180
C:\Windows\winsxs\amd64_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_a926cbb502a97a6e\portabledevicetypes.mof --a---- 3490 bytes [21:07 10/06/2009] [21:07 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5.manifest --a---- 5417 bytes [03:32 21/11/2010] [03:27 21/11/2010] 0456BC804996A854112EDC9C40B6DE7E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparaj.ttf_789944a5 --a---- 222356 bytes [03:32 21/11/2010] [03:27 21/11/2010] 0A5B5C55B73F577FF4AC8C9C31B4C183
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparajb.ttf_caad65b5 --a---- 215860 bytes [03:32 21/11/2010] [03:27 21/11/2010] 7DC2ACC14E8095FAB4EEC11EEBE99B06
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparajbi.ttf_02c81200 --a---- 228456 bytes [03:32 21/11/2010] [03:27 21/11/2010] CFDB97EBF546A11E49C38F0DF63708CF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparaji.ttf_ca6e5634 --a---- 239596 bytes [03:32 21/11/2010] [03:27 21/11/2010] 596E910C2341E1FA280A1FC462BDD32C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e.manifest --a---- 5279 bytes [02:59 14/07/2009] [02:59 14/07/2009] D8EAD8369C4A37B5D1B175691C79E6CF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordia.ttf_6873986a --a---- 108572 bytes [02:59 14/07/2009] [02:59 14/07/2009] 1059AD38E2A3BD334504686A2901EEDB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordiab.ttf_6fc99b08 --a---- 95892 bytes [02:59 14/07/2009] [02:59 14/07/2009] 89472D248B96ED4271EE74C7E6CDBE9D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordiai.ttf_6f8a8b87 --a---- 100104 bytes [02:59 14/07/2009] [02:59 14/07/2009] 7A6CD3B905E2CF67EC81A58D1284EE17
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordiaz.ttf_6ef165e0 --a---- 94816 bytes [02:59 14/07/2009] [02:59 14/07/2009] 3239D4CE37DC032F69B9D20CE4D1B094
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_6.1.7601.17514_none_afa74777185b3852.manifest --a---- 2057 bytes [03:32 21/11/2010] [03:27 21/11/2010] F37ED0885764E8376653F8465F1DBA79
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_6.1.7601.17514_none_afa74777185b3852_dokchamp.ttf_5b18a95f --a---- 149624 bytes [03:32 21/11/2010] [03:27 21/11/2010] 119688CC24C7A1C78A469B0ED365EDD7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-gishabold_31bf3856ad364e35_6.1.7600.16385_none_f50009547b049b77.manifest --a---- 2723 bytes [02:59 14/07/2009] [02:56 14/07/2009] 3CAC296A30FECF6F4BEE4844F241640A
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-gishabold_31bf3856ad364e35_6.1.7600.16385_none_f50009547b049b77_gishabd.ttf_f731b2ea --a---- 74056 bytes [02:59 14/07/2009] [02:56 14/07/2009] FE7E63965224194F774A380E9D53AD0D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-moolboran_31bf3856ad364e35_6.1.7600.16385_none_c3c7531afa803429.manifest --a---- 2470 bytes [02:59 14/07/2009] [02:58 14/07/2009] 52FA85EB5CAB8FEECF4E3BE13D110845
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-moolboran_31bf3856ad364e35_6.1.7600.16385_none_c3c7531afa803429_moolbor.ttf_8f2a9b94 --a---- 342840 bytes [02:59 14/07/2009] [02:58 14/07/2009] DBB5D50716AF7C45DD357A6A585D7A9E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-wingdings_31bf3856ad364e35_6.1.7600.16385_none_85208756a65ef4ea.manifest --a---- 2974 bytes [02:59 14/07/2009] [02:57 14/07/2009] 403C9B7CC01FFA05DF763FCE44423D34
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-wingdings_31bf3856ad364e35_6.1.7600.16385_none_85208756a65ef4ea_wingding.ttf_c9c065ed --a---- 83740 bytes [02:59 14/07/2009] [02:57 14/07/2009] 68C74934563BF4AFA50793C67BD19B24
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_6.1.7600.16385_none_5b3be3e0926bd543.manifest --a---- 3100 bytes [02:59 14/07/2009] [02:59 14/07/2009] 7A710DF0FC15D0EF1D325294EFC11DC0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_6.1.7600.16385_none_5b3be3e0926bd543_lucon.ttf_76ed00f1 --a---- 115016 bytes [02:59 14/07/2009] [02:59 14/07/2009] ED07815509F9C255B6E0F66C7910EB97
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-sakkalmajalla_31bf3856ad364e35_6.1.7600.16385_none_fb8092e2c0173c39.manifest --a---- 2727 bytes [02:59 14/07/2009] [02:58 14/07/2009] EDBC8CB3F89C1EAFBA1ED08EEB71CFC9
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-sakkalmajalla_31bf3856ad364e35_6.1.7600.16385_none_fb8092e2c0173c39_majalla.ttf_5a048cf2 --a---- 370084 bytes [02:59 14/07/2009] [02:58 14/07/2009] 6E89ECFD2776A4697B964580E8924D0F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7.manifest --a---- 7105 bytes [03:32 21/11/2010] [03:27 21/11/2010] 5F85DCD6B5E1D125E418FB50DB20486D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_times.ttf_2caa4556 --a---- 834240 bytes [03:32 21/11/2010] [03:27 21/11/2010] 01D51F020433AC2343DC03C097AAC735
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_timesbd.ttf_a3c367a0 --a---- 840736 bytes [03:32 21/11/2010] [03:27 21/11/2010] A0CA394C46C62F25631B7151BBDC2D88
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_timesbi.ttf_a3965c8d --a---- 619972 bytes [03:32 21/11/2010] [03:27 21/11/2010] 325B7AB333620D3DEBACEEA720B2ED27
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_timesi.ttf_88bb465f --a---- 661244 bytes [03:32 21/11/2010] [03:27 21/11/2010] 4E08287934414B094529E48ACEBA0C4B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388.manifest --a---- 3731 bytes [02:59 14/07/2009] [02:59 14/07/2009] 80B0F9F5E2DD4FBD578CFFDA017DFEBD
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388_iskpota.ttf_b97d7073 --a---- 548036 bytes [02:59 14/07/2009] [02:59 14/07/2009] 38ACC11EE03D6C1DF3DF3CC99A04B734
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388_iskpotab.ttf_f096fc81 --a---- 368924 bytes [02:59 14/07/2009] [02:59 14/07/2009] 9D1485C0D69BF9DBB6C5C8D1A1294299
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8.manifest --a---- 3762 bytes [02:59 14/07/2009] [02:57 14/07/2009] DA31A1BA2943293C736A51A1E0C123B7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8_ntailu.ttf_c1891505 --a---- 82864 bytes [02:59 14/07/2009] [02:57 14/07/2009] 58448BC8344E86403C7AD25B3509965F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8_ntailub.ttf_139d3615 --a---- 75552 bytes [02:59 14/07/2009] [02:57 14/07/2009] 3CDB6AC81169D4D2D5C0D8A204EF35A9
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335.manifest --a---- 5275 bytes [02:59 14/07/2009] [02:58 14/07/2009] 23A2AE8EF9C123F971D2DDF732314947
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsa.ttf_06632f96 --a---- 109808 bytes [02:59 14/07/2009] [02:58 14/07/2009] CC6C99B66A5B4C4E82FF2C6ED95077B4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsab.ttf_2615c880 --a---- 106220 bytes [02:59 14/07/2009] [02:58 14/07/2009] 3CB74FE6198EE7B4E4F675AACF265618
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsai.ttf_284d5409 --a---- 103444 bytes [02:59 14/07/2009] [02:58 14/07/2009] B50EF16C35EC7487935D84BDE8C770D1
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsaz.ttf_2dafa6e8 --a---- 105636 bytes [02:59 14/07/2009] [02:58 14/07/2009] 5E9F0667FB361414006555937EA5E053
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b.manifest --a---- 6885 bytes [02:59 14/07/2009] [02:59 14/07/2009] DC429046AF05CE093B5D6967DBE199BE
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_cour.ttf_054afabf --a---- 709600 bytes [02:59 14/07/2009] [02:59 14/07/2009] 5BC234E37EE12ADC26918EB88E5E4EC4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_courbd.ttf_7d4db8d5 --a---- 710192 bytes [02:59 14/07/2009] [02:59 14/07/2009] 47EEA0AEE6A658D70341A2CCC25BB819
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_courbi.ttf_7ee31c80 --a---- 530336 bytes [02:59 14/07/2009] [02:59 14/07/2009] AA3AA1F24B74AB96BE6835B500CC4E17
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_couri.ttf_21733c5a --a---- 618240 bytes [02:59 14/07/2009] [02:59 14/07/2009] 166CF3C23215A1444FBF866189C88D79
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_6.1.7600.16385_none_6485fe8bf7ee4be9.manifest --a---- 2725 bytes [02:59 14/07/2009] [02:57 14/07/2009] 0D1D03A511F4E0A9F1AF1A4ACE2DBF30
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_6.1.7600.16385_none_6485fe8bf7ee4be9_leelawad.ttf_cebbef27 --a---- 97752 bytes [02:59 14/07/2009] [02:57 14/07/2009] A772AA8A7D2A778D9A2A43CC6D96ADA3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53.manifest --a---- 2057 bytes [02:59 14/07/2009] [02:58 14/07/2009] 0199DDF5BE9020698303EF9A32DFB91C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53_l_10646.ttf_f757c3ca --a---- 325400 bytes [02:59 14/07/2009] [02:58 14/07/2009] BCCCD674C3FE808A4B01B8914C6898D5
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-meiryobold_31bf3856ad364e35_6.1.7600.16385_none_2942916491573830.manifest --a---- 2639 bytes [02:59 14/07/2009] [02:59 14/07/2009] E80D54D64C3679CCB52A42046E3C1C24
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-meiryobold_31bf3856ad364e35_6.1.7600.16385_none_2942916491573830_meiryob.ttc_d9ebd964 --a---- 9749256 bytes [02:59 14/07/2009] [02:59 14/07/2009] 95F75A104ABDC82E3AAD20279DA01AAB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..uetype-malgungothic_31bf3856ad364e35_6.1.7600.16385_none_6144d01edfdac19c.manifest --a---- 2566 bytes [02:59 14/07/2009] [02:58 14/07/2009] 0ED33A214CCF634C95B3A45A86ECCE24
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..uetype-malgungothic_31bf3856ad364e35_6.1.7600.16385_none_6144d01edfdac19c_malgun.ttf_166813d8 --a---- 4337296 bytes [02:59 14/07/2009] [02:58 14/07/2009] E06E6E77FB5ACEFC83E0589B6CE53E9D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40.manifest --a---- 7490 bytes [21:35 14/11/2011] [21:08 14/11/2011] A43B465A9073DD245889B42BABBDF12E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_arial.ttf_e828c109 --a---- 778552 bytes [21:35 14/11/2011] [21:08 14/11/2011] 05ADA5BD099C819F28FBE4A1DE2F0A61
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_arialbd.ttf_d4f87b8d --a---- 749004 bytes [21:35 14/11/2011] [21:08 14/11/2011] EB71CDAE8106DF1BC31444A045F812A4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_arialbi.ttf_d4cb707a --a---- 561924 bytes [21:35 14/11/2011] [21:08 14/11/2011] 934B2FAC22C00682057E26B895E48188
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_ariali.ttf_a85a3504 --a---- 555884 bytes [21:35 14/11/2011] [21:08 14/11/2011] 4D5964EC09D480476DF4B48BF3D1DE14
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-batang_31bf3856ad364e35_6.1.7600.16385_none_13de7dc07ffbe591.manifest --a---- 3694 bytes [02:59 14/07/2009] [02:56 14/07/2009] D94F28AB5A347B521B24B834D8FC6702
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-batang_31bf3856ad364e35_6.1.7600.16385_none_13de7dc07ffbe591_batang.ttc_949601ce --a---- 16264732 bytes [02:59 14/07/2009] [02:56 14/07/2009] 982509F4C25A0AC0F4E368E222E894FE
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af.manifest --a---- 2055 bytes [03:31 21/11/2010] [03:26 21/11/2010] E9E68AFDAC61BAE0B25E07D0A06E8323
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af_daunpenh.ttf_f02ee377 --a---- 190700 bytes [03:31 21/11/2010] [03:26 21/11/2010] 5A68A4E0BD54F918326FDCF96028E3FF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8.manifest --a---- 3727 bytes [02:59 14/07/2009] [02:56 14/07/2009] CEB455C76EB3676D06541CC3EAF19B6E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8_ebrima.ttf_8897b9ba --a---- 304428 bytes [02:59 14/07/2009] [02:56 14/07/2009] 1BA82D324736A8A9D4327D482C4627C4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8_ebrimabd.ttf_c39dde16 --a---- 298952 bytes [02:59 14/07/2009] [02:56 14/07/2009] 16CEC52B0C38A2A8E37A23AE9A953FCF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54.manifest --a---- 2563 bytes [02:59 14/07/2009] [02:56 14/07/2009] 5363C6C467724C6512941D802EB6352D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54_euphemia.ttf_dc2c9458 --a---- 172656 bytes [02:59 14/07/2009] [02:56 14/07/2009] 5C81010800152B142EA357CCBEE8C40E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gabriola_31bf3856ad364e35_6.1.7601.17514_none_e65a866e9dc81eaf.manifest --a---- 2563 bytes [03:32 21/11/2010] [03:27 21/11/2010] 98B03FF28D9981EADD71E243AE5F1AAA
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gabriola_31bf3856ad364e35_6.1.7601.17514_none_e65a866e9dc81eaf_gabriola.ttf_2896bb77 --a---- 1804512 bytes [03:32 21/11/2010] [03:27 21/11/2010] 9F6C62F1F041CA9F3D69AC76684314D0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166.manifest --a---- 3714 bytes [02:59 14/07/2009] [02:58 14/07/2009] 0578DC1516FA41F21A9691F79345A990
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166_gautami.ttf_b2983076 --a---- 256384 bytes [02:59 14/07/2009] [02:58 14/07/2009] 379C6A5EC3D085B1AD2F0D83FD40C580
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166_gautamib.ttf_eba5f98c --a---- 221268 bytes [02:59 14/07/2009] [02:58 14/07/2009] 1CB82C6F93C51AA8DD7C7EA82CD641EB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70.manifest --a---- 2698 bytes [02:59 14/07/2009] [02:59 14/07/2009] 6A3095B39497E368EA72ACBA871161F2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70_gisha.ttf_9a79c88c --a---- 72932 bytes [02:59 14/07/2009] [02:59 14/07/2009] D3E5565884B751094DF6825C37EEAC5E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gulim_31bf3856ad364e35_6.1.7600.16385_none_a1815c1476403b50.manifest --a---- 3931 bytes [02:59 14/07/2009] [02:57 14/07/2009] BEE9C432D3DF7B0E6AE63732EE4344AB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gulim_31bf3856ad364e35_6.1.7600.16385_none_a1815c1476403b50_gulim.ttc_7c526737 --a---- 13524972 bytes [02:59 14/07/2009] [02:57 14/07/2009] FDE85C81A1B925FAC046E0C916F04847
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad.manifest --a---- 3717 bytes [02:59 14/07/2009] [02:57 14/07/2009] 9C503C00E7BB9A151EA7D26B453FB705
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad_kartika.ttf_0cd3884f --a---- 131264 bytes [02:59 14/07/2009] [02:57 14/07/2009] 91CFE9F3B498C81D9095976C00BC1664
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad_kartikab.ttf_45e15165 --a---- 126460 bytes [02:59 14/07/2009] [02:57 14/07/2009] BB1045132F8D0C83AA339E311194F072
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b.manifest --a---- 3863 bytes [02:59 14/07/2009] [02:57 14/07/2009] B917E8E8BDBE3F86C6B20D63896775DD
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b_khmerui.ttf_235cfc01 --a---- 330464 bytes [02:59 14/07/2009] [02:57 14/07/2009] 56F089D4A1AECFE1368A63828E078332
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b_khmeruib.ttf_5516e039 --a---- 263864 bytes [02:59 14/07/2009] [02:57 14/07/2009] C5F4291DD642D702FFB779FB404A1A96
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3.manifest --a---- 5397 bytes [03:31 21/11/2010] [03:26 21/11/2010] EF1B99037D5C62C6CBDBBED960AC05C8
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokila.ttf_28595c29 --a---- 201680 bytes [03:31 21/11/2010] [03:26 21/11/2010] E81D8414C1FFCDCA76DECBE30BDA10A9
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokilab.ttf_4e762005 --a---- 202196 bytes [03:31 21/11/2010] [03:26 21/11/2010] 97C0C76B9794131EACC206B4F4FF45B0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokilabi.ttf_822b42fe --a---- 235940 bytes [03:31 21/11/2010] [03:26 21/11/2010] 5B536B9B1F28541888176C236178057F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokilai.ttf_4e371084 --a---- 241672 bytes [03:31 21/11/2010] [03:26 21/11/2010] B7E6414813AB300059F544B4D7005D61
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e.manifest --a---- 3841 bytes [02:59 14/07/2009] [02:57 14/07/2009] 22F3316F783F38188830205C002D4B16
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e_laoui.ttf_7e71da2e --a---- 97516 bytes [02:59 14/07/2009] [02:57 14/07/2009] 998C392B8982EFAB2B87EB46D7EBC485
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e_laouib.ttf_9bbcb09e --a---- 88700 bytes [02:59 14/07/2009] [02:57 14/07/2009] 9BDB49CE05598D1F68939CCBA0CD39C7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c.manifest --a---- 3705 bytes [02:59 14/07/2009] [02:58 14/07/2009] FD1C03B33E9E799F58A37D887C1C84A2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c_latha.ttf_95056720 --a---- 120848 bytes [02:59 14/07/2009] [02:58 14/07/2009] ACC67C6F3EA43DEE389EF123E02782A0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c_lathab.ttf_b2503d90 --a---- 119848 bytes [02:59 14/07/2009] [02:58 14/07/2009] 25AC104DB31463ABF624C03E3219A231
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34.manifest --a---- 3757 bytes [03:31 21/11/2010] [03:26 21/11/2010] 4B6E92D1BB4D4649F298689B014275A6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34_mangal.ttf_4eb5eb98 --a---- 206260 bytes [03:31 21/11/2010] [03:26 21/11/2010] C43B90A850A8309ED8001F1FFCC2D961
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34_mangalb.ttf_67a2137e --a---- 191892 bytes [03:31 21/11/2010] [03:26 21/11/2010] 2634CE66D1C3D8634D2D0174C924D12C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9.manifest --a---- 2537 bytes [02:59 14/07/2009] [02:57 14/07/2009] D8EE629D989072E00FA3E492585016A3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9_marlett.ttf_4c6c9093 --a---- 26672 bytes [02:59 14/07/2009] [02:57 14/07/2009] 5F10DAF510C3CB9CCFA737CADE9C5A90
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689.manifest --a---- 2612 bytes [02:59 14/07/2009] [02:58 14/07/2009] 384B494B333094252700681366AB69AF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689_meiryo.ttc_ab0401d6 --a---- 9533888 bytes [02:59 14/07/2009] [02:58 14/07/2009] D516FD68397BCED208EF2BDF5F71ED6D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499.manifest --a---- 3472 bytes [02:59 14/07/2009] [02:58 14/07/2009] 76DFE649463734B311CF0799564DDA45
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499_mingliub.ttc_b8743970 --a---- 33805700 bytes [02:59 14/07/2009] [02:58 14/07/2009] D4E65A967CC41D732CAE728BD3283692
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msgothic_31bf3856ad364e35_6.1.7600.16385_none_34a180b79866a79c.manifest --a---- 3491 bytes [02:59 14/07/2009] [02:56 14/07/2009] 23E3AA80858C76F3ABE692BB7C08F9C6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msgothic_31bf3856ad364e35_6.1.7600.16385_none_34a180b79866a79c_msgothic.ttc_5396000d --a---- 9176636 bytes [02:59 14/07/2009] [02:57 14/07/2009] 1F162793323E204A0D598A9AA4241443
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae.manifest --a---- 3203 bytes [02:59 14/07/2009] [02:57 14/07/2009] C2C1F3142A83746D67B1777192E63508
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae_msmincho.ttc_45a433bb --a---- 10057108 bytes [02:59 14/07/2009] [02:57 14/07/2009] EA3F8835F67B492A0740AC34E1E807F8
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03.manifest --a---- 2827 bytes [02:59 14/07/2009] [02:58 14/07/2009] 39D8325099CD5F32BFCFA171E3373306
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03_mvboli.ttf_74791b0f --a---- 84940 bytes [02:59 14/07/2009] [02:58 14/07/2009] A7E3822358F6DCB2F986A68CF24721B2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_6.1.7600.16385_none_11cc5af51bce7775.manifest --a---- 2809 bytes [02:59 14/07/2009] [02:57 14/07/2009] 1DC6A688A8180565B84FD2D6489391EF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_6.1.7600.16385_none_11cc5af51bce7775_nyala.ttf_cf5a23e7 --a---- 438016 bytes [02:59 14/07/2009] [02:57 14/07/2009] 9F895BE44FD462D400A25832EC1095A1
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8.manifest --a---- 3744 bytes [02:59 14/07/2009] [02:59 14/07/2009] 0ECCF6D227DC77B2D15280658444B12E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8_phagspa.ttf_5183c1d4 --a---- 146496 bytes [02:59 14/07/2009] [02:59 14/07/2009] 623A4E160C7783FB2450E2FADE07D883
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8_phagspab.ttf_8437c490 --a---- 150228 bytes [02:59 14/07/2009] [02:59 14/07/2009] C96B36C6EC8C33462679CBF409F929DB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243.manifest --a---- 3705 bytes [02:59 14/07/2009] [02:57 14/07/2009] 4372E01549F493EBA3911B56124A80B3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243_raavi.ttf_15141359 --a---- 94300 bytes [02:59 14/07/2009] [02:57 14/07/2009] 8805728574A7EAF7D45CCB53591BD8A7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243_raavib.ttf_325ee9c9 --a---- 93800 bytes [02:59 14/07/2009] [02:57 14/07/2009] 32C4BFDAFA2C62023F5A95EC3D404CDD
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911.manifest --a---- 8306 bytes [17:17 16/08/2012] [05:24 16/08/2012] 651A1880A8488BF7D2F78CD1C9975730
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeui.ttf_b39275ad --a---- 516560 bytes [17:17 16/08/2012] [05:24 16/08/2012] 69917140BC7639D6AAB16C3FD4637A8B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuib.ttf_ea2ef279 --a---- 497372 bytes [17:17 16/08/2012] [05:24 16/08/2012] 0FD37958CD0738645F4D2DEB2DD9B59F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuii.ttf_ea35f432 --a---- 385560 bytes [17:17 16/08/2012] [05:24 16/08/2012] 494772733B824FA9084757B082533610
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuil.ttf_ea38f4ef --a---- 330908 bytes [17:17 16/08/2012] [05:24 16/08/2012] 5076583FA2A14CD2CF3634FF59A1138B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuiz.ttf_ea46f861 --a---- 398148 bytes [17:17 16/08/2012] [05:24 16/08/2012] AD4AEC6E9E8956AA5263F8F3A6C8803F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_seguisb.ttf_a7ce912e --a---- 406192 bytes [17:17 16/08/2012] [05:24 16/08/2012] D4D6E1A6527A21185217393C427A52CB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_seguisym.ttf_e095394a --a---- 842104 bytes [17:17 16/08/2012] [05:24 16/08/2012] 714BD6C91CDD7390094567BF4D6A4E74
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317.manifest --a---- 3514 bytes [03:31 21/11/2010] [03:26 21/11/2010] A12284FD44CD2E9E8E278F50AC6B6ECC
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317_shonar.ttf_fdf1d355 --a---- 340100 bytes [03:31 21/11/2010] [03:26 21/11/2010] 53D7C27D36716A2E787903901E194932
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317_shonarb.ttf_127871e9 --a---- 301028 bytes [03:31 21/11/2010] [03:26 21/11/2010] 79E741EA910EF300165854F7854CD215
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975.manifest --a---- 3705 bytes [02:59 14/07/2009] [02:58 14/07/2009] D009E450187F272361EED37205547F81
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975_shruti.ttf_c4dbca5d --a---- 270172 bytes [02:59 14/07/2009] [02:58 14/07/2009] A4C86F8B063BA5894439B3E1B3B77A50
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975_shrutib.ttf_cc31ccfb --a---- 235340 bytes [02:59 14/07/2009] [02:58 14/07/2009] 31D8BDC6FF93105F5E81865633C9426A
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsunb_31bf3856ad364e35_6.1.7600.16385_none_ecef7b9d35a0dabd.manifest --a---- 2842 bytes [02:59 14/07/2009] [02:57 14/07/2009] E09F343C82E3348D62E48EC5E3C14EDF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsunb_31bf3856ad364e35_6.1.7600.16385_none_ecef7b9d35a0dabd_simsunb.ttf_08f71e3f --a---- 15406288 bytes [02:59 14/07/2009] [02:57 14/07/2009] 417A85FF314928ADC67E51BB1B458F04
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsun_31bf3856ad364e35_6.1.7600.16385_none_56fe10b1895fd80b.manifest --a---- 3436 bytes [02:59 14/07/2009] [02:57 14/07/2009] 4675A13F9E1EB02A6E3FCB0E35FFEEEF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsun_31bf3856ad364e35_6.1.7600.16385_none_56fe10b1895fd80b_simsun.ttc_eba56c14 --a---- 15323200 bytes [02:59 14/07/2009] [02:57 14/07/2009] 4D96249C34F491BA811E06078263A47D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_6.1.7600.16385_none_baa3a3fe00df3026.manifest --a---- 2834 bytes [02:59 14/07/2009] [02:58 14/07/2009] 98BCF1795FEB446CE4AE285626169DCF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_6.1.7600.16385_none_baa3a3fe00df3026_sylfaen.ttf_c14359b6 --a---- 228348 bytes [02:59 14/07/2009] [02:58 14/07/2009] CF85131EF1119A8D56E92CD8FF533995
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e.manifest --a---- 2907 bytes [02:59 14/07/2009] [02:56 14/07/2009] 00EC06A9133600D2C547F8F8D591A126
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e_symbol.ttf_7a3af274 --a---- 70128 bytes [02:59 14/07/2009] [02:56 14/07/2009] 9629034E291841F941497D4A365C01F7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd.manifest --a---- 3818 bytes [21:35 14/11/2011] [21:08 14/11/2011] C8C26460D00177522E6C8780DE5AE86E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd_tahoma.ttf_586caa52 --a---- 700180 bytes [21:35 14/11/2011] [21:08 14/11/2011] 801BC5BED6BF516980E1891A785563A8
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd_tahomabd.ttf_c258876e --a---- 648008 bytes [21:35 14/11/2011] [21:08 14/11/2011] 269A3173C2531CFC6B376971A672DAC3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4.manifest --a---- 3726 bytes [02:59 14/07/2009] [02:59 14/07/2009] 6A35F8A3BB454B24AB29FF307D1F67E2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4_taile.ttf_52348015 --a---- 72008 bytes [02:59 14/07/2009] [02:59 14/07/2009] FF43E14BDCC67883FBD7A6F6223920CC
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4_taileb.ttf_6f7f5685 --a---- 63364 bytes [02:59 14/07/2009] [02:59 14/07/2009] 22181869727DC4B201302CC1C78F9ACE
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d.manifest --a---- 3693 bytes [02:59 14/07/2009] [02:59 14/07/2009] EDDDDA4D5747DB4BBEB644FDF996CD5E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d_tunga.ttf_63bed00f --a---- 188908 bytes [02:59 14/07/2009] [02:59 14/07/2009] 74CE3AEE1A945A489752721B23A8027C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d_tungab.ttf_986e3427 --a---- 174896 bytes [02:59 14/07/2009] [02:59 14/07/2009] 2EB142DA4A4DDA7DCC915715DA3925DA
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202.manifest --a---- 5396 bytes [03:31 21/11/2010] [03:26 21/11/2010] BA2245A2F670C5414F91F7E3BE66180D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaah.ttf_0b44910a --a---- 216004 bytes [03:31 21/11/2010] [03:26 21/11/2010] 8A7D5EF1C37A77234417883EC9FDD6F6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaahb.ttf_0e350a56 --a---- 210644 bytes [03:31 21/11/2010] [03:26 21/11/2010] 91E40B267560B94AF8306B4A43D189EB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaahbi.ttf_3e01b33f --a---- 218956 bytes [03:31 21/11/2010] [03:26 21/11/2010] 15B5D45C8C7723ABB68D0F98F5A9393B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaahi.ttf_0df5fad5 --a---- 239152 bytes [03:31 21/11/2010] [03:26 21/11/2010] 617D7B66904A63C374450DB06412E9B6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30.manifest --a---- 3462 bytes [03:32 21/11/2010] [03:26 21/11/2010] 01BFD80FF763D158FB5BD0C584BD54AC
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30_vani.ttf_cae9a052 --a---- 386996 bytes [03:32 21/11/2010] [03:26 21/11/2010] A806161B4AB9F06085DD7C969C6AB6F3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30_vanib.ttf_8c9d41c8 --a---- 370576 bytes [03:32 21/11/2010] [03:26 21/11/2010] 756871F756EE24C7029AAFDAD4CBDC62
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8.manifest --a---- 3494 bytes [03:32 21/11/2010] [03:26 21/11/2010] BC1F01A177243A2CF51228197BE66B30
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8_vijaya.ttf_a73b2b74 --a---- 171192 bytes [03:32 21/11/2010] [03:26 21/11/2010] E2FEBB205F1BDA4C972F37857F327B82
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8_vijayab.ttf_d1bd78a2 --a---- 154072 bytes [03:32 21/11/2010] [03:26 21/11/2010] 6CD6865A4DCA5AF03B76E21C34D80E70
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8.manifest --a---- 3719 bytes [02:59 14/07/2009] [02:59 14/07/2009] 105C3618D7D07B871F8217B453208678
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8_vrinda.ttf_4a270eaa --a---- 259520 bytes [02:59 14/07/2009] [02:59 14/07/2009] 3B839B8F5B064F5C20F40027783E6366
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8_vrindab.ttf_790ee52a --a---- 257672 bytes [02:59 14/07/2009] [02:59 14/07/2009] C573F57D8C25477A939E3FCE3C737073
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5.manifest --a---- 5417 bytes [03:16 21/11/2010] [03:16 21/11/2010] 0456BC804996A854112EDC9C40B6DE7E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e.manifest --a---- 5279 bytes [02:33 14/07/2009] [02:25 14/07/2009] D8EAD8369C4A37B5D1B175691C79E6CF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-cordiaupc_31bf3856ad364e35_6.1.7600.16385_none_d5acc06207f06a2e.manifest --a---- 5106 bytes [02:33 14/07/2009] [02:18 14/07/2009] 55B71A3A3E8A1A37C4A444A97A4E19E2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_6.1.7601.17514_none_afa74777185b3852.manifest --a---- 2057 bytes [03:16 21/11/2010] [03:16 21/11/2010] F37ED0885764E8376653F8465F1DBA79
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-gishabold_31bf3856ad364e35_6.1.7600.16385_none_f50009547b049b77.manifest --a---- 2723 bytes [02:33 14/07/2009] [02:12 14/07/2009] 3CAC296A30FECF6F4BEE4844F241640A
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-levenimmt_31bf3856ad364e35_6.1.7600.16385_none_e0843b84595f479b.manifest --a---- 3272 bytes [02:33 14/07/2009] [02:27 14/07/2009] 7D7A96912FE62441D0BA0D2E05551DF3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-moolboran_31bf3856ad364e35_6.1.7600.16385_none_c3c7531afa803429.manifest --a---- 2470 bytes [02:33 14/07/2009] [02:17 14/07/2009] 52FA85EB5CAB8FEECF4E3BE13D110845
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-wingdings_31bf3856ad364e35_6.1.7600.16385_none_85208756a65ef4ea.manifest --a---- 2974 bytes [02:33 14/07/2009] [02:23 14/07/2009] 403C9B7CC01FFA05DF763FCE44423D34
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_6.1.7600.16385_none_5b3be3e0926bd543.manifest --a---- 3100 bytes [02:33 14/07/2009] [02:27 14/07/2009] 7A710DF0FC15D0EF1D325294EFC11DC0
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..etype-sakkalmajalla_31bf3856ad364e35_6.1.7600.16385_none_fb8092e2c0173c39.manifest --a---- 2727 bytes [02:33 14/07/2009] [02:26 14/07/2009] EDBC8CB3F89C1EAFBA1ED08EEB71CFC9
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7.manifest --a---- 7105 bytes [03:16 21/11/2010] [03:16 21/11/2010] 5F85DCD6B5E1D125E418FB50DB20486D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-aharonibold_31bf3856ad364e35_6.1.7600.16385_none_df8bf8e079b63081.manifest --a---- 2379 bytes [02:33 14/07/2009] [02:15 14/07/2009] 1CE83FBBE4E2A168DF80FEF71469A066
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-comicsansms_31bf3856ad364e35_6.1.7600.16385_none_384a156a54139a6c.manifest --a---- 3288 bytes [02:33 14/07/2009] [02:25 14/07/2009] 6AF73999B2FA4A485C06D269E0550075
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-dilleniaupc_31bf3856ad364e35_6.1.7600.16385_none_8390abd0a70bdb46.manifest --a---- 5090 bytes [02:33 14/07/2009] [02:23 14/07/2009] EF2D841D59185CCCB3A924819A823E96
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-eucrosiaupc_31bf3856ad364e35_6.1.7600.16385_none_ecd82d1c49af0689.manifest --a---- 5090 bytes [02:33 14/07/2009] [02:18 14/07/2009] 2DFD99AAA62D5C15B2FFAD34798573D8
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388.manifest --a---- 3731 bytes [02:33 14/07/2009] [02:26 14/07/2009] 80B0F9F5E2DD4FBD578CFFDA017DFEBD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8.manifest --a---- 3762 bytes [02:33 14/07/2009] [02:18 14/07/2009] DA31A1BA2943293C736A51A1E0C123B7
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-plantagenet_31bf3856ad364e35_6.1.7600.16385_none_47246d9331e672af.manifest --a---- 2393 bytes [02:33 14/07/2009] [02:19 14/07/2009] 9DD6927DC2BB56405DC6B18025294EBC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-segoescript_31bf3856ad364e35_6.1.7601.17514_none_32eade0d03ae2a68.manifest --a---- 3329 bytes [03:15 21/11/2010] [03:15 21/11/2010] 3FF8B9014F6958EB89039950F5443463
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-trebuchetms_31bf3856ad364e35_6.1.7600.16385_none_d9b57888a1592ef4.manifest --a---- 5121 bytes [02:33 14/07/2009] [02:25 14/07/2009] C04DAAC71FF78B03C97723394FFA2083
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335.manifest --a---- 5275 bytes [02:33 14/07/2009] [02:24 14/07/2009] 23A2AE8EF9C123F971D2DDF732314947
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-angsanaupc_31bf3856ad364e35_6.1.7600.16385_none_c5a2a76019e76995.manifest --a---- 5101 bytes [02:33 14/07/2009] [02:27 14/07/2009] 75F475575D9D13C85056D1F21F5A039F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-arialblack_31bf3856ad364e35_6.1.7600.16385_none_4540bd0a80a4a192.manifest --a---- 2377 bytes [02:33 14/07/2009] [02:15 14/07/2009] C3DD6BF3DF6F2709A9C7F78AFDE6F57F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-constantia_31bf3856ad364e35_6.1.7600.16385_none_66fc2dc6236a4562.manifest --a---- 5124 bytes [02:33 14/07/2009] [02:18 14/07/2009] 0BAE5F104A2902EBBBC341F3FA76889F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b.manifest --a---- 6885 bytes [02:33 14/07/2009] [02:27 14/07/2009] DC429046AF05CE093B5D6967DBE199BE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-frankruehl_31bf3856ad364e35_6.1.7600.16385_none_5a232d6cfade165e.manifest --a---- 2373 bytes [02:33 14/07/2009] [02:14 14/07/2009] 8A601B5EE34179184ABDC3D1BFDF6410
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-freesiaupc_31bf3856ad364e35_6.1.7600.16385_none_ad8aa55efd12136f.manifest --a---- 5083 bytes [02:33 14/07/2009] [02:18 14/07/2009] 910CCDADEE418A998EF16EFB08161C46
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-jasmineupc_31bf3856ad364e35_6.1.7600.16385_none_fffdf1db5de6d26d.manifest --a---- 5083 bytes [02:33 14/07/2009] [02:22 14/07/2009] 6E4C90ED2DF63F9AF1C9208DA05D5ABC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_6.1.7600.16385_none_6485fe8bf7ee4be9.manifest --a---- 2725 bytes [02:33 14/07/2009] [02:19 14/07/2009] 0D1D03A511F4E0A9F1AF1A4ACE2DBF30
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53.manifest --a---- 2057 bytes [02:33 14/07/2009] [02:25 14/07/2009] 0199DDF5BE9020698303EF9A32DFB91C
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-meiryobold_31bf3856ad364e35_6.1.7600.16385_none_2942916491573830.manifest --a---- 2639 bytes [02:33 14/07/2009] [02:27 14/07/2009] E80D54D64C3679CCB52A42046E3C1C24
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-segoeprint_31bf3856ad364e35_6.1.7600.16385_none_50896942163a554e.manifest --a---- 3027 bytes [02:33 14/07/2009] [02:12 14/07/2009] AA01482EE49506437EDC2C5587610E21
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-browallianew_31bf3856ad364e35_6.1.7600.16385_none_8ec8f32d06b7767f.manifest --a---- 5109 bytes [02:33 14/07/2009] [02:27 14/07/2009] A43FD3CCA593C200E3053A09B04B1A1C
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-browalliaupc_31bf3856ad364e35_6.1.7600.16385_none_8e8a0e8706e4503f.manifest --a---- 5115 bytes [02:33 14/07/2009] [02:18 14/07/2009] E8555067506021ADA464C653DEFC2185
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-kodchiangupc_31bf3856ad364e35_6.1.7600.16385_none_d01c5f41457227be.manifest --a---- 5097 bytes [02:33 14/07/2009] [02:18 14/07/2009] 9821A89042CDF32DD2005395C4F40F28
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-malgungothic_31bf3856ad364e35_6.1.7600.16385_none_6144d01edfdac19c.manifest --a---- 2566 bytes [02:33 14/07/2009] [02:12 14/07/2009] 0ED33A214CCF634C95B3A45A86ECCE24
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-andalus_31bf3856ad364e35_6.1.7600.16385_none_4edc66caddc48ae2.manifest --a---- 2359 bytes [02:33 14/07/2009] [02:17 14/07/2009] 26D869714241D0DCF99C050E7DC46051
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17514_none_d0a9759ec3fa9e2d.manifest --a---- 7490 bytes [03:17 21/11/2010] [03:17 21/11/2010] CE5CA32A981728EC5E08BFCE60030EB6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40.manifest ------- 7490 bytes [16:47 14/11/2011] [12:10 24/05/2011] A43B465A9073DD245889B42BABBDF12E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.21733_none_d11c742ddd2959a9.manifest ------- 7490 bytes [16:47 14/11/2011] [13:23 24/05/2011] 75C1F2B353CFCD400D1BDCCB26BA831F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-batang_31bf3856ad364e35_6.1.7600.16385_none_13de7dc07ffbe591.manifest --a---- 3694 bytes [02:33 14/07/2009] [02:25 14/07/2009] D94F28AB5A347B521B24B834D8FC6702
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7600.16385_none_469b1ef409759322.manifest --a---- 5108 bytes [02:33 14/07/2009] [02:16 14/07/2009] D2A4F09CC72F8211819C0678A68B4C33
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.17959_none_48a5fc16067ff9cf.manifest ------- 6932 bytes [20:06 14/11/2012] [00:15 26/09/2012] 030A8501FC019497600F6282F67ABCDD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.22118_none_4959b0691f7e43c0.manifest ------- 6932 bytes [20:06 14/11/2012] [01:05 26/09/2012] CA6B0492D0D8AB67A2CDB7032287C286
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.1.7601.17514_none_50c7a4451ab021fd.manifest --a---- 4855 bytes [03:17 21/11/2010] [03:17 21/11/2010] 42FF57B86762522845A05D7B5B903161
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-candara_31bf3856ad364e35_6.1.7600.16385_none_47342bc83c01bc90.manifest --a---- 5108 bytes [02:33 14/07/2009] [02:18 14/07/2009] DC2997428FF8E6E0068DF2EF556DC2E2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa.manifest --a---- 5371 bytes [02:33 14/07/2009] [02:28 14/07/2009] 912133107740F67F02F724D740B00D96
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-corbel_31bf3856ad364e35_6.1.7600.16385_none_2e9e7f8d18669105.manifest --a---- 5089 bytes [02:33 14/07/2009] [02:16 14/07/2009] B5E38D80F5BBB6F15EBFEB4BA8DEDD11
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af.manifest --a---- 2055 bytes [03:15 21/11/2010] [03:15 21/11/2010] E9E68AFDAC61BAE0B25E07D0A06E8323
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-david_31bf3856ad364e35_6.1.7600.16385_none_b50b10afa0728978.manifest --a---- 3263 bytes [02:33 14/07/2009] [02:26 14/07/2009] 7AE47CCA11E569DC56A0D57C3B1C590E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-dfkaisb_31bf3856ad364e35_6.1.7600.16385_none_cf50101c76a692b6.manifest --a---- 2093 bytes [02:33 14/07/2009] [02:25 14/07/2009] CDC20CCC92AAE3AA3DD43BE42B50E001
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8.manifest --a---- 3727 bytes [02:33 14/07/2009] [02:16 14/07/2009] CEB455C76EB3676D06541CC3EAF19B6E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54.manifest --a---- 2563 bytes [02:33 14/07/2009] [02:16 14/07/2009] 5363C6C467724C6512941D802EB6352D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gabriola_31bf3856ad364e35_6.1.7601.17514_none_e65a866e9dc81eaf.manifest --a---- 2563 bytes [03:15 21/11/2010] [03:15 21/11/2010] 98B03FF28D9981EADD71E243AE5F1AAA
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166.manifest --a---- 3714 bytes [02:33 14/07/2009] [02:15 14/07/2009] 0578DC1516FA41F21A9691F79345A990
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_6.1.7600.16385_none_8ceadd6195267598.manifest --a---- 5090 bytes [02:33 14/07/2009] [02:17 14/07/2009] 1895AB11B789E498F54B53B0640D3255
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70.manifest --a---- 2698 bytes [02:33 14/07/2009] [02:19 14/07/2009] 6A3095B39497E368EA72ACBA871161F2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gulim_31bf3856ad364e35_6.1.7600.16385_none_a1815c1476403b50.manifest --a---- 3931 bytes [02:33 14/07/2009] [02:14 14/07/2009] BEE9C432D3DF7B0E6AE63732EE4344AB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_6.1.7601.17514_none_a7740a1a89b08d82.manifest --a---- 2623 bytes [03:16 21/11/2010] [03:16 21/11/2010] 8AA1E2EB25B4BE03DEB47F8D7E7D9AA0
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-irisupc_31bf3856ad364e35_6.1.7600.16385_none_2449677664faf8df.manifest --a---- 5062 bytes [02:33 14/07/2009] [02:21 14/07/2009] 04A2F608570C41F2897F0A6115AFC5BA
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_6.1.7600.16385_none_654e82379a40b52b.manifest --a---- 3264 bytes [02:33 14/07/2009] [02:24 14/07/2009] C6A5F605C4A0E2B293B8A407E2375786
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad.manifest --a---- 3717 bytes [02:33 14/07/2009] [02:24 14/07/2009] 9C503C00E7BB9A151EA7D26B453FB705
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b.manifest --a---- 3863 bytes [02:33 14/07/2009] [02:24 14/07/2009] B917E8E8BDBE3F86C6B20D63896775DD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3.manifest --a---- 5397 bytes [03:15 21/11/2010] [03:15 21/11/2010] EF1B99037D5C62C6CBDBBED960AC05C8
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e.manifest --a---- 3841 bytes [02:33 14/07/2009] [02:19 14/07/2009] 22F3316F783F38188830205C002D4B16
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c.manifest --a---- 3705 bytes [02:33 14/07/2009] [02:24 14/07/2009] FD1C03B33E9E799F58A37D887C1C84A2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-lilyupc_31bf3856ad364e35_6.1.7600.16385_none_767d64eb7a9abcc4.manifest --a---- 5062 bytes [02:33 14/07/2009] [02:25 14/07/2009] 0D2603A291FB8AA02D4C7F9F16BA45CE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34.manifest --a---- 3757 bytes [03:15 21/11/2010] [03:15 21/11/2010] 4B6E92D1BB4D4649F298689B014275A6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9.manifest --a---- 2537 bytes [02:33 14/07/2009] [02:17 14/07/2009] D8EE629D989072E00FA3E492585016A3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689.manifest --a---- 2612 bytes [02:33 14/07/2009] [02:27 14/07/2009] 384B494B333094252700681366AB69AF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499.manifest --a---- 3472 bytes [02:33 14/07/2009] [02:25 14/07/2009] 76DFE649463734B311CF0799564DDA45
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mingliu_31bf3856ad364e35_6.1.7600.16385_none_170f5b78a1ae6145.manifest --a---- 3287 bytes [02:33 14/07/2009] [02:20 14/07/2009] 2028E3191A635511B9014FFCD3B751F2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-miriam_31bf3856ad364e35_6.1.7600.16385_none_7b7a9e11df9f30a1.manifest --a---- 3656 bytes [02:33 14/07/2009] [02:23 14/07/2009] 0F244FBFE8EA97566E8D3009063BC5DE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-msgothic_31bf3856ad364e35_6.1.7600.16385_none_34a180b79866a79c.manifest --a---- 3491 bytes [02:33 14/07/2009] [02:25 14/07/2009] 23E3AA80858C76F3ABE692BB7C08F9C6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae.manifest --a---- 3203 bytes [02:33 14/07/2009] [02:15 14/07/2009] C2C1F3142A83746D67B1777192E63508
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03.manifest --a---- 2827 bytes [02:33 14/07/2009] [02:16 14/07/2009] 39D8325099CD5F32BFCFA171E3373306
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-narkisim_31bf3856ad364e35_6.1.7600.16385_none_01fe5ed021465f26.manifest --a---- 2365 bytes [02:33 14/07/2009] [02:27 14/07/2009] 62920A4A5B6CD758A05AF019DBA94ECC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_6.1.7600.16385_none_11cc5af51bce7775.manifest --a---- 2809 bytes [02:33 14/07/2009] [02:14 14/07/2009] 1DC6A688A8180565B84FD2D6489391EF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8.manifest --a---- 3744 bytes [02:33 14/07/2009] [02:26 14/07/2009] 0ECCF6D227DC77B2D15280658444B12E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243.manifest --a---- 3705 bytes [02:33 14/07/2009] [02:13 14/07/2009] 4372E01549F493EBA3911B56124A80B3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-rod_31bf3856ad364e35_6.1.7600.16385_none_ea0e600fcdbd21b9.manifest --a---- 2598 bytes [02:33 14/07/2009] [02:13 14/07/2009] 2360B659384DB72463456EC753819F46
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7600.16385_none_2cb0f5602bedb50f.manifest --a---- 8306 bytes [02:33 14/07/2009] [02:26 14/07/2009] 33272CDFBE275EE35131CD95D15A60FB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911.manifest ------- 8306 bytes [04:42 16/08/2012] [21:09 05/07/2012] 651A1880A8488BF7D2F78CD1C9975730
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.22045_none_2f4c144d42117054.manifest ------- 8306 bytes [04:42 16/08/2012] [21:08 05/07/2012] 264A4C3DEB834DE5F917464E223B08DB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317.manifest --a---- 3514 bytes [03:15 21/11/2010] [03:15 21/11/2010] A12284FD44CD2E9E8E278F50AC6B6ECC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975.manifest --a---- 3705 bytes [02:33 14/07/2009] [02:28 14/07/2009] D009E450187F272361EED37205547F81
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simfang_31bf3856ad364e35_6.1.7600.16385_none_e417159f3b4eb1b7.manifest --a---- 2374 bytes [02:33 14/07/2009] [02:16 14/07/2009] 9BE3559EC2A9CED3716F161703ED2386
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simhei_31bf3856ad364e35_6.1.7600.16385_none_501ca8058dc5e9fb.manifest --a---- 2365 bytes [02:33 14/07/2009] [02:14 14/07/2009] AECB5D8E38876A0D7397795D748FFEA6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simkai_31bf3856ad364e35_6.1.7600.16385_none_4e5646f58eea24c2.manifest --a---- 2361 bytes [02:33 14/07/2009] [02:25 14/07/2009] 20F4802FEFDEAEB2556A977FF2096707
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simsunb_31bf3856ad364e35_6.1.7600.16385_none_ecef7b9d35a0dabd.manifest --a---- 2842 bytes [02:33 14/07/2009] [02:20 14/07/2009] E09F343C82E3348D62E48EC5E3C14EDF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simsun_31bf3856ad364e35_6.1.7600.16385_none_56fe10b1895fd80b.manifest --a---- 3436 bytes [02:33 14/07/2009] [02:18 14/07/2009] 4675A13F9E1EB02A6E3FCB0E35FFEEEF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_6.1.7600.16385_none_baa3a3fe00df3026.manifest --a---- 2834 bytes [02:33 14/07/2009] [02:24 14/07/2009] 98BCF1795FEB446CE4AE285626169DCF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e.manifest --a---- 2907 bytes [02:33 14/07/2009] [02:25 14/07/2009] 00EC06A9133600D2C547F8F8D591A126
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7600.16385_none_8bc15c538e547e20.manifest --a---- 3818 bytes [02:33 14/07/2009] [02:17 14/07/2009] D61CE6D26506B0F89DACA25CA56FF55A
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd.manifest ------- 3818 bytes [16:47 14/11/2011] [12:10 24/05/2011] C8C26460D00177522E6C8780DE5AE86E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.21733_none_8e656eaaa471bd36.manifest ------- 3818 bytes [16:47 14/11/2011] [13:22 24/05/2011] 37E607818EC8DD8787A794AABAFC11A7
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4.manifest --a---- 3726 bytes [02:33 14/07/2009] [02:27 14/07/2009] 6A35F8A3BB454B24AB29FF307D1F67E2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d.manifest --a---- 3693 bytes [02:33 14/07/2009] [02:19 14/07/2009] EDDDDA4D5747DB4BBEB644FDF996CD5E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202.manifest --a---- 5396 bytes [03:16 21/11/2010] [03:16 21/11/2010] BA2245A2F670C5414F91F7E3BE66180D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30.manifest --a---- 3462 bytes [03:16 21/11/2010] [03:16 21/11/2010] 01BFD80FF763D158FB5BD0C584BD54AC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.17514_none_1c9f288f15cd6e81.manifest --a---- 5090 bytes [03:16 21/11/2010] [03:16 21/11/2010] 8DCB2FFED3C82BEDDF1D96E4BE79AA90
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.17621_none_1c9159ab15d83b94.manifest ------- 5090 bytes [16:47 14/11/2011] [12:08 24/05/2011] FFBE602138745EB7F863302A09F62FB2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.21733_none_1d12271e2efc29fd.manifest ------- 5090 bytes [16:47 14/11/2011] [13:20 24/05/2011] 588B91BEDD030EA1E080DE36D51C7C3F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8.manifest --a---- 3494 bytes [03:16 21/11/2010] [03:16 21/11/2010] BC1F01A177243A2CF51228197BE66B30
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8.manifest --a---- 3719 bytes [02:33 14/07/2009] [02:15 14/07/2009] 105C3618D7D07B871F8217B453208678
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-webdings_31bf3856ad364e35_6.1.7600.16385_none_0afbb87eda82d5dd.manifest --a---- 2365 bytes [02:33 14/07/2009] [02:22 14/07/2009] 099FBA3877645F8F83031B232C7E9785
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-yibaiti_31bf3856ad364e35_6.1.7600.16385_none_b436b1f0d44f46f1.manifest --a---- 2647 bytes [02:33 14/07/2009] [02:15 14/07/2009] DAFD79689E8D4428B2DCF59ED4C0E052
C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_4d0830314a4c0938\PortableDeviceTypes.dll --a---- 159744 bytes [00:06 14/07/2009] [01:16 14/07/2009] ADB45A977BD9E45790CA496DB84BA148
C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_4d0830314a4c0938\portabledevicetypes.mof --a---- 3490 bytes [21:46 10/06/2009] [21:46 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A
Searching for "*OpenCandy*"
No files found.
========== folderfind ==========
Searching for "*babylon*"
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed d------ [20:58 18/11/2011]
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\theme\babylon_feed d------ [17:39 14/11/2011]
C:\Users\Basti\AppData\Roaming\ICQ\398305800\XtrazPrefs\babylon_feed d------ [20:58 18/11/2011]
Searching for "*DVDVideoSoftTB*"
No folders found.
Searching for "*Optimizer Pro*"
No folders found.
Searching for "*DomaIQ*"
No folders found.
Searching for "*Conduit*"
No folders found.
Searching for "*facemoods*"
No folders found.
Searching for "*PriceGong*"
No folders found.
Searching for "*eType*"
Gruß, Patros1001 |
|
23.06.2013, 19:35
| #9 | |
| /// TB-Ausbilder | erneuter GVU Angriff! Servus, bevor wir weitermachen, habe ich noch eine Frage: Hast du den ICQ Sparberater absichtlich/bewusst installiert? Zitat:
|
|
23.06.2013, 19:52
| #10 |
| | erneuter GVU Angriff! Also wäre mir nicht bekannt das ich das bewusst heruntergeladen hätte. Klar dann löschen wir das. gut wäre soweit gelöscht. Ist mein Programm Spybot search&destroy eigentlich sinnvoll? |
|
24.06.2013, 19:58
| #11 |
| | erneuter GVU Angriff! was für nützliche Programme kannst du mir denn noch empfehlen um immer auf dem neusten update und sicher zu sein? |
|
24.06.2013, 21:19
| #12 |
| /// TB-Ausbilder | erneuter GVU Angriff! Servus, Spybot ist nicht mehr so gut wie es schon mal war (meine persönliche Meinung). Wir entfernen die letzten Reste und kontrollieren nochmal alles. Danach entfernen wir alle Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1
Schritt 2 Fixen mit OTL
Code:
ATTFilter :OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O4 - HKLM..\Run: [] File not found
[2013.06.21 20:50:51 | 000,000,004 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\skype.ini
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.pricegong.com%2Ffavicon.png
:Commands
[emptytemp]
Schritt 3 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4 ESET Online Scanner
Schritt 5 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
27.06.2013, 05:38
| #13 |
| | erneuter GVU Angriff! Hey, Ich schaff das leider erst morgen. |
|
27.06.2013, 14:38
| #14 |
| /// TB-Ausbilder | erneuter GVU Angriff! Servus, alles klar, dann bis morgen. |
|
30.06.2013, 08:52
| #15 |
| | erneuter GVU Angriff! moin moin, otl Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}\chrome\locale folder moved successfully.
C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}\chrome folder moved successfully.
C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC136321-1AE5-4A7F-B01C-5380D666175B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC136321-1AE5-4A7F-B01C-5380D666175B}\ not found.
File C:\Program Files (x86)\icq\Internet Explorer\icq.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\Users\Basti\AppData\Roaming\skype.ini moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Basti
->Temp folder emptied: 5382154 bytes
->Temporary Internet Files folder emptied: 18153837 bytes
->Java cache emptied: 83324041 bytes
->FireFox cache emptied: 233683919 bytes
->Opera cache emptied: 52873358 bytes
->Flash cache emptied: 3767 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 320924 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42305012 bytes
RecycleBin emptied: 97934550 bytes
Total Files Cleaned = 509,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06302013_010316
Files\Folders moved on Reboot...
C:\Users\Basti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Basti\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll moved successfully.
File\Folder C:\Windows\temp\hsperfdata_BASTI-PC$\372 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
mbam Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Basti :: BASTI-PC [Administrator] Schutz: Aktiviert 30.06.2013 01:12:51 mbam-log-2013-06-30 (01-12-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216223 Laufzeit: 8 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Eset Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1d5557ed6d8def49adc1eefc8ec1a369
# engine=14206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-30 03:30:33
# local_time=2013-06-30 05:30:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 572253 124192883 0 0
# scanned=617878
# found=1
# cleaned=0
# scan_time=14585
sh=A479673670334E0E9EB14AE2276A69D6882D1FDE ft=1 fh=0863bfb2c2e7c375 vn="Win32/LockScreen.APR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Basti\AppData\Roaming\skype.dat.vir"
Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Secunia PSI (3.0.0.7009) Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (de-DE) Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 21.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Spybot Teatimer.exe is disabled! Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
| Themen zu erneuter GVU Angriff! |
| abgesicherten, angriff, anleitung, autorun, bild, blöde, chip.de, dateien, eingabeaufforderung, erneut, folge, hallo zusammen, hochfahren, kaspersky, log, löschen, modus, neu, nichts, pcs, problem, system, trojaner, version, webcam |
WARNUNG an die MITLESER: 
Textbox. 
Linear-Darstellung
