Log analysis and evaluation: Avira found the trojan tr/mediyes.gen
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.11.2013, 16:37 | #1 |
Avira found the trojan tr/mediyes.gen
I ran a virus scan with Avira on 29.10.2013 because my laptop seemed slower. Avira found the trojan tr/mediyes.gen. Since I am always very careful about deleting things, I moved it to quarantine for now. All other required log files are attached. Here is the log file:

Typ: Datei
Quelle: C:\windows\system32\xpttheaa.tsp
Status: Infiziert
Quarantäne-Objekt: 1a3ad831.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.134
Virendefinitionsdatei: 7.11.110.16
Gefunden: TR/Mediyes.Gen
Datum/Uhrzeit: 29.10.2013, 20:30

Typ: Datei
Quelle: C:\windows\system32\xpttheaa.tsp
Status: Infiziert
Quarantäne-Objekt: 50f2ac79.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.134
Virendefinitionsdatei: 7.11.110.16
Gefunden: TR/Mediyes.Gen
Datum/Uhrzeit: 29.10.2013, 20:29
11.11.2013, 16:59 | #2 |
/// TB-Ausbilder
Avira found the trojan tr/mediyes.gen
My name is Matthias and I will help you clean up your computer. Please note the following:
Please download OTL by Oldtimer and save it to your desktop (if you don't have it already).
Code:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /800
C:\Windows\system32\*.dll /800 /64
CREATERESTOREPOINT
13.11.2013, 14:08 | #3 |
Avira found the trojan tr/mediyes.gen
Code:
ATTFilter OTL logfile created on: 11/13/2013 12:25:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anja\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 58.79% Memory free 3.49 Gb Paging File | 1.93 Gb Available in Paging File | 55.21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 280.79 Gb Total Space | 33.85 Gb Free Space | 12.06% Space Free | Partition Type: NTFS Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.61% Space Free | Partition Type: FAT32 Computer Name: ANJA-HP | User Name: Anja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/11 18:27:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe PRC - [2013/10/10 19:14:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/10/10 19:14:04 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/10/10 19:14:04 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013/01/04 09:28:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/10/01 13:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe PRC - [2007/07/24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/23 21:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV:64bit: - [2013/01/28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011/11/09 17:20:48 | 000,271,360 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2011/11/09 17:20:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/05 00:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/07/30 04:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010/02/08 19:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV:64bit: - [2010/02/04 19:48:28 | 000,199,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2009/11/02 21:11:52 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/11/11 17:04:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/10/10 19:14:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/10/10 19:14:05 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService) SRV - [2013/10/10 19:14:04 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/10/08 21:09:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/01/28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2013/01/28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2013/01/04 09:28:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010/10/01 13:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/10/10 19:14:05 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt) DRV:64bit: - [2013/10/10 19:14:05 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013/10/10 19:14:04 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013/10/10 19:14:04 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013/01/04 10:27:50 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013/01/04 10:27:50 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2013/01/04 10:27:49 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2013/01/04 10:27:48 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) 
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/18 12:43:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/11/09 17:20:51 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/30 07:47:46 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/11/20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard 
Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/08/11 17:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/08/05 00:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/08/04 23:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/07/20 22:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/07/20 22:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/07/20 22:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/07/14 15:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010/06/04 01:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/05/21 04:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc) DRV:64bit: - [2010/05/03 23:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/03/19 11:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/03/09 18:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010/03/02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2010/02/08 19:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2010/02/08 19:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2010/02/08 19:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2010/02/08 19:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2010/02/08 19:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2009/11/02 21:12:00 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/09/12 08:56:50 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012/11/16 15:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012/04/30 19:19:43 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\SECDRV.SYS -- (secdrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes,DefaultScope = {8C92A092-F416-4AA5-A542-77E5EBA75736} IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=62c3ebff000000000000e02a823e4d52 IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{88E53329-7746-4236-941E-982AD23A3C71}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{8C92A092-F416-4AA5-A542-77E5EBA75736}: "URL" = hxxp://searchou.com/?q={searchTerms}&id=62c3ebff000000000000e02a823e4d52&r=368 IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - 
HKU\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40privitize.com:1.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0 FF - prefs.js..keyword.URL: "https://www.google.de/" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..browser.search.defaultenginename: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF 
- HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2011/10/30 10:53:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/30 10:53:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/30 10:53:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/01/04 10:28:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/01/04 10:28:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/01/04 10:28:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/01/04 10:28:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/01/04 10:28:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files 
(x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/03 20:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions [2013/10/10 21:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\5berzbu4.default\extensions [2013/04/02 11:11:39 | 000,000,000 | ---D | M] (Privitize.com) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\5berzbu4.default\extensions\ffxtlbr@privitize.com [2013/10/10 21:43:40 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\firefox\profiles\5berzbu4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/04/02 11:09:22 | 000,001,378 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\mozilla\firefox\profiles\5berzbu4.default\searchplugins\privitize.xml [2013/11/11 17:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013/11/11 17:04:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://searchou.com/?id=62c3ebff000000000000e02a823e4d52 CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\ CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908183258.dll (McAfee, Inc.) 
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4120671964-2979887947-499652283-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. 
File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted 
sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C906C7E-01DD-4307-BB97-BA44FAA178F1}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\myrm - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~2\magnipic\sprote~1.dll) - c:\progra~2\magnipic\sprote~1.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{180be4f9-b3b5-11e0-bd63-e02a823e4d52}\Shell - "" = AutoRun O33 - MountPoints2\{180be4f9-b3b5-11e0-bd63-e02a823e4d52}\Shell\AutoRun\command - "" = D:\Autorun.exe O33 - MountPoints2\{222fe124-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{222fe124-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\{222fe126-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{222fe126-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\{222fe14e-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{222fe14e-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\{222fe150-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{222fe150-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = K:\StartVMCLite.exe O33 - MountPoints2\{427208f8-cd8c-11e0-b1f0-e02a823e4d52}\Shell - "" = AutoRun O33 - MountPoints2\{427208f8-cd8c-11e0-b1f0-e02a823e4d52}\Shell\AutoRun\command - "" = J:\StartVMCLite.exe O33 - MountPoints2\{427208fb-cd8c-11e0-b1f0-e02a823e4d52}\Shell - "" = AutoRun O33 - MountPoints2\{427208fb-cd8c-11e0-b1f0-e02a823e4d52}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\{58d8cf7d-a63b-11e0-9b6b-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{58d8cf7d-a63b-11e0-9b6b-e02a8249b4ae}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe O33 - MountPoints2\{58d8cf7f-a63b-11e0-9b6b-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{58d8cf7f-a63b-11e0-9b6b-e02a8249b4ae}\Shell\AutoRun\command - "" = J:\StartVMCLite.exe O33 - MountPoints2\{58d8d13c-a63b-11e0-9b6b-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{58d8d13c-a63b-11e0-9b6b-e02a8249b4ae}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{6ba11c07-a93b-11e0-b5b3-e02a823e4d52}\Shell - "" = AutoRun O33 - 
MountPoints2\{6ba11c07-a93b-11e0-b5b3-e02a823e4d52}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe O33 - MountPoints2\{6ba11c09-a93b-11e0-b5b3-e02a823e4d52}\Shell - "" = AutoRun O33 - MountPoints2\{6ba11c09-a93b-11e0-b5b3-e02a823e4d52}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\{7041cde0-7a92-11e1-92b0-6431506b3c61}\Shell - "" = AutoRun O33 - MountPoints2\{7041cde0-7a92-11e1-92b0-6431506b3c61}\Shell\AutoRun\command - "" = H:\pbsstart.exe O33 - MountPoints2\{7e0b703e-e902-11e0-919e-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{7e0b703e-e902-11e0-919e-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\{7e0b7040-e902-11e0-919e-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{7e0b7040-e902-11e0-919e-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\{affefa94-300c-11e2-985a-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{affefa94-300c-11e2-985a-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\Windows\StartInstall.exe O33 - MountPoints2\{e2475866-a18a-11e0-991f-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{e2475866-a18a-11e0-991f-e02a8249b4ae}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe O33 - MountPoints2\{e2475870-a18a-11e0-991f-e02a8249b4ae}\Shell - "" = AutoRun O33 - MountPoints2\{e2475870-a18a-11e0-991f-e02a8249b4ae}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Start.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\StartVMCLite.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\StartVMCLite.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" 
%* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/11/11 18:27:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe [2013/11/11 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/10/29 21:17:18 | 000,000,000 | ---D | C] -- C:\FRST [2013/10/29 20:28:34 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Avira [2013/10/29 20:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/10/29 20:20:30 | 000,083,160 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys [2013/10/29 20:20:30 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013/10/29 20:20:29 | 000,132,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013/10/29 20:20:29 | 000,105,856 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013/10/29 20:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/10/29 20:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/10/29 20:16:54 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\SUPERAntiSpyware.com [2013/10/29 20:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013/10/29 20:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2013/10/29 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/10/19 17:26:30 | 000,000,000 | ---D | C] -- C:\Users\Anja\Desktop\19.10.2013 [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/11/13 12:10:20 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/11/13 12:09:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/13 12:09:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/13 12:02:26 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/13 12:01:29 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA.job [2013/11/13 12:01:11 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/13 11:58:43 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAnja.job [2013/11/13 11:58:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/11/11 18:27:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe [2013/11/11 16:31:50 | 000,037,898 | ---- | M] () -- C:\Users\Anja\Desktop\Avira-Fund_2.PNG [2013/11/11 16:31:20 | 000,039,195 | ---- | M] () -- C:\Users\Anja\Desktop\Avira-Fund_1.PNG 
[2013/11/11 16:19:52 | 000,666,762 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013/11/11 16:19:52 | 000,625,568 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/11/11 16:19:52 | 000,135,658 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013/11/11 16:19:52 | 000,111,206 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/11/11 16:19:51 | 001,527,550 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/10/29 22:00:04 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core.job [2013/10/29 21:12:09 | 000,000,168 | ---- | M] () -- C:\Users\Anja\defogger_reenable [2013/10/29 20:21:09 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/10/29 20:16:08 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/11/11 16:31:50 | 000,037,898 | ---- | C] () -- C:\Users\Anja\Desktop\Avira-Fund_2.PNG [2013/11/11 16:31:19 | 000,039,195 | ---- | C] () -- C:\Users\Anja\Desktop\Avira-Fund_1.PNG [2013/10/29 21:12:08 | 000,000,168 | ---- | C] () -- C:\Users\Anja\defogger_reenable [2013/10/29 20:21:09 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013/10/29 20:16:08 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/05/07 11:59:58 | 000,017,408 | ---- | C] () -- C:\Users\Anja\AppData\Local\WebpageIcons.db [2011/09/03 11:51:21 | 000,003,584 | ---- | C] () -- C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/07/15 09:22:02 | 000,007,607 | ---- | C] () -- C:\Users\Anja\AppData\Local\Resmon.ResmonCfg [2011/07/09 14:25:18 | 000,000,002 | ---- | C] () -- C:\Users\Anja\tenmy.ini [2011/06/28 14:54:44 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5161FDB657.sys [2011/06/28 14:54:38 | 
000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2011/10/30 12:23:14 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < 
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64 > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 3 "ProviderFileName0" = C:\windows\SysNative\unimdm.tsp -- [2010/11/20 14:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = C:\windows\SysNative\kmddsp.tsp -- [2009/07/14 02:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = C:\windows\SysNative\ndptsp.tsp -- [2009/07/14 02:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = C:\windows\SysNative\hidphone.tsp -- [2009/07/14 02:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) "NumProviders" = 2 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64 > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = C:\windows\SysNative\svchost.exe -- [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 
14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{58373CDD-8847-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{58373CDD-8847-48CC [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = C:\Windows\SysNative\ntlanman.dll -- [2010/11/20 14:27:23 | 000,129,536 | ---- | M] (Microsoft Corporation) 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\aptwix12w.dll "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64 > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = C:\windows\SysNative\svchost.exe -- [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = C:\Windows\SysNative\dnsrslvr.dll -- [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 
1 "extension" = C:\Windows\SysNative\dnsext.dll -- [2009/07/14 02:40:31 | 000,008,192 | ---- | M] (Microsoft Corporation) 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] 64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010/11/20 13:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = 
AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009/07/14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data] "Update-Service" = Update-Service [binary data] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64 > "RPCSS" = RpcEptMapperRpcSs [binary data] "defragsvc" = C:\windows\SysNative\defragsvc.dll -- [2009/07/14 02:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) "LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes] "LocalService" = nsiWdiServiceHostw32timeEventSy 
[Binary data over 200 bytes] "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "WerSvcGroup" = C:\windows\SysNative\wersvc.dll -- [2009/07/14 02:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) "LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data] "termsvcs" = TermService [binary data] "swprv" = C:\windows\SysNative\swprv.dll -- [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes] "LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data] "NetworkServiceAndNoImpersonation" = KtmRm [binary data] "regsvc" = RemoteRegistry [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSfdre [Binary data over 200 bytes] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "sdrsvc" = C:\windows\SysNative\sdrsvc.dll -- [2010/11/20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) "WbioSvcGroup" = C:\windows\SysNative\WbioSrvc.dll -- [2009/07/14 02:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "wcssvc" = C:\windows\SysNative\WcsPlugInService.dll -- [2009/07/14 02:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) "AxInstSVGroup" = C:\windows\SysNative\AxInstSV.dll -- [2010/11/20 14:25:44 | 000,114,688 | ---- | M] (Microsoft Corporation) "secsvcs" = WinDefend [binary data] "bthsvcs" = C:\windows\SysNative\bthserv.dll -- [2009/07/14 02:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) "PeerDist" = C:\windows\SysNative\PeerDistSvc.dll -- [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc] 64bit: 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] 64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64 > 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient] < %SystemRoot%\system32\*.tsp > [2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\hidphone.tsp [2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\kmddsp.tsp [2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ndptsp.tsp [2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- 
C:\windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\unimdm.tsp
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %SystemRoot%\system32\*.tsp /64 >
[2009/07/14 02:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\hidphone.tsp
[2009/07/14 02:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\kmddsp.tsp
[2009/07/14 02:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ndptsp.tsp
[2009/07/14 02:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\remotesp.tsp
[2010/11/20 14:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\unimdm.tsp

< End of report >
13.11.2013, 14:09 | #4 |
| Avira found Trojan tr/mediyes.gen
Code:
OTL Extras logfile created on: 11/13/2013 12:25:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anja\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 58.79% Memory free
3.49 Gb Paging File | 1.93 Gb Available in Paging File | 55.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 33.85 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.61% Space Free | Partition Type: FAT32

Computer Name: ANJA-HP | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l

[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F290B5-2A21-463B-8D1E-36A2D09F3B9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{202CC94E-BAA2-436E-84FE-60B941B53694}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C1596BA-3BF5-4972-AD1E-0644305C9943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EED468A-264F-4157-88D9-8BA9F5D3A69D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3C7C715A-4E45-41F1-930F-A0C5CC01FF34}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3D4F2FED-263A-4D97-92EA-6C122C491996}" = lport=2869 | protocol=6 | dir=in | app=system |
"{42374644-01E2-48E1-9FB3-EF6D5FA2A3C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4561761C-CE2B-466C-9DB6-875019F75E4C}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B90A4A5-F904-4384-B0C4-F3F1036F8BA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5352E28B-F85B-4947-B4A6-915B92A95614}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5707A445-ADD8-4E1F-8775-795693DCA41F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{613514E3-4C74-41BB-8260-C34B941ADDFC}" = rport=139 | protocol=6 | dir=out | app=system |
"{6FF03940-3118-4335-BCA8-0AB9B48B2BD3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71DFE1DF-05C5-427B-872B-FE301CFD56F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{72E9B8E2-1528-4045-B71D-52E255A9B05B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{89766A7B-A70A-42B9-AB36-B2E4DA2C9386}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B74D903-98AF-432E-8ABF-45D92AD5949A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{92620B74-7138-4B48-92FD-BC50550A5436}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A766D9ED-70F4-4650-AC51-1817A63EE599}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A790A5CC-C77D-44E5-A89E-46A052D3FA81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7CC2045-915A-43B8-B5A0-0323CD607A8B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AFEDCEBE-5DC1-4BC7-AE9A-21C485CE1957}" = rport=138 | protocol=17 | dir=out | app=system |
"{B6C57689-A42D-45B9-A147-B58C81442974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB56EDC2-F936-4C1D-9F93-C8892BC71EAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{BCCA7193-2080-4592-9779-F3A50570D725}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF381C1C-4E9D-4AEA-9185-463A5C029604}" = lport=137 | protocol=17 | dir=in | app=system |
"{D7C80C3F-5F79-4E70-A6EC-7F235F56464F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA34FFAE-7762-415B-A278-D833DAEC93E7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ED3F2E95-EC20-430C-8788-CCEB583A3AFC}" = rport=445 | protocol=6 | dir=out | app=system |
"{F4DE6A41-314D-4F1D-99E5-3949318A70E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5A21057-4992-4F8B-83D4-1AE81AF6CFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F96EEA9B-86FF-4D70-B6BF-A3606E0DEFD6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD84B071-55FD-4E60-9F5D-F43F9F7500AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E693E-0417-4A4D-84A5-084123313AA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0584BC5C-DF01-4DDB-8113-039FD7C3164A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{09E3CADF-CCB3-48C4-8F40-F9E7C0A17AEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C6DA667-D8EC-4372-88F9-D37FFCF2B48F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1BCD0E2B-794B-4ABD-847C-D028153BCD49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2475D38F-B246-4152-A851-DC406486DFA4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2583831D-E856-482D-94EC-4F1A34BE1B46}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{2B11CC13-89AF-4006-BBF6-E1A12536F55E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{369983DD-098F-423E-A97B-7F309D259F59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{386EADFC-CAEC-4ECC-B651-B18DCCE0A5DB}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{46D0EF7B-885B-41E4-8176-B28219303B64}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{485833CD-FC72-4E81-87C8-100232321529}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4CDCA744-0558-4473-9230-BF86D93595A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4D89A9E7-4BCD-4C43-84ED-7A0BA1D0C535}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{5389E858-9EB1-4C7E-B4A1-A9C82845B9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe |
"{55E886F3-B076-4A79-A385-48B393239DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{567D2CB5-5AFB-4B5A-92B2-98B4D04C181C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{576AC4F5-3D73-4324-B53B-32698FF9560D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5CF79173-1B2B-4C7B-9CD0-6486921DDF3A}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{5D0D977B-4A57-4BF7-A5DD-AEDC903477FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{614B0678-B9E2-4BF0-878D-133B30128992}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe |
"{6F0B21AF-9413-41D7-98B3-270751BA3163}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73108004-D51A-4F66-887B-20ED05257C22}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7F0DDC1F-FE4A-4B37-84E9-6225D2FE8FA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{875F34C4-C198-4AA4-A2C6-C78FB4C8ED1B}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe |
"{921D4A79-0D32-41ED-AEDE-A6B5431D1073}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9AE0509F-E5A5-4D2C-A889-75C095C89AA5}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{9E4098DE-814C-495C-8D12-0F04649462E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F97BABA-D871-40D3-AD23-76B9AA8B6644}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{A3991CAA-4718-496A-9322-5E63B8A5026B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{AB27AD43-4205-4735-8958-FF04B898D3A2}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe |
"{AC131E8B-CCB3-420D-BCA3-B101CDC8BBBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD68E832-B46C-42FC-A634-328E631540CE}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{B1C13CDB-97D8-4769-84DF-C99CE621606A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B27D279D-2456-4165-8A26-35B407EF8A0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B70F397F-7BF1-40AD-8304-6A459D61ECD6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BABC365D-EFE8-414C-8CAF-4CDA4D815C0A}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{BB02632D-01D7-4523-B7DE-54962AD9F1BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB8C726B-A7B7-43CD-9060-1F041006FE78}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{C080501B-BAB3-4B72-8E88-A02415BA51C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C598A1D4-4384-414A-B7B7-792DF6EA7AA0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{C5B956F8-E433-486F-975E-68CFAC58F0FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6AE27A2-FD30-4883-905A-6749BAD8B1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{CF0C13AB-10F2-461E-87A7-A483665282F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D0E60413-66D2-48A2-953C-370BB4D272B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D29E1FE1-64FB-408A-95F3-2B2E02E5FF37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D7FED0FA-D751-425F-8FA5-5392B79BED49}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{DAC4CDD9-2EC8-42D1-B19C-3A694578F77D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DADCAA3F-1EDC-4771-BC5E-A45B6D73FFC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDCBE5A4-7C25-4B46-9708-974B443E8472}" = protocol=6 | dir=out | app=system |
"{DE79EB63-58B2-4AEE-A478-64AA111C6F62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1C74745-911F-4166-A48E-6EBF331E3E9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7BA1B45-D623-460B-B8B6-1EE4066F489C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9A93F81-E427-4B9E-922A-6E125B09ED65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ED054555-0EF1-411C-9421-EDA4899C57F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EE150EB8-0F12-480C-BEF6-66D0CA54F47B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF549622-DB15-41F6-8C85-91E9DD05640F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2D483A3-7B16-442A-8C34-FC912968F525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC114A6B-4D3B-4F48-BE2C-E011F19AF70D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}" = MagniPic
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25E02664-2308-4DF4-BE71-7D982F6C1BCA}" = TV Star
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = Die Sims™ Inselgeschichten
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = Die Sims - Hokus Pokus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.9.0 "Legend"
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4F08198-5C84-4CDE-AE58-65506600C130}" = WinFunktion Mathematik plus 18
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C1E5E2-11A5-4905-ACC6-6DDD5E3B7705}" = Visual C++ 8.0 x64 Runtime Setup Package
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E882771E-1C12-4E8C-99B6-E1B58DFCCFB2}" = FreeStyle Auto-Assist
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEE83A6D-7E16-ECAB-D10F-0B5813D2799E}" = Application Profiles
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVS" = McAfee Virus and Spyware Protection Service
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"Security Task Manager" = Security Task Manager 1.8d
"SP_008a99b9" =
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"UltraStar" = UltraStar 0.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExpressFiles" = ExpressFiles
"Google Chrome" = Google Chrome
"Zip Uncompressor" = Zip Uncompressor

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2012 4:20:19 PM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x16c8 Startzeit der fehlerhaften Anwendung: 0x01cd74da0f02dec4 Pfad der fehlerhaften Anwendung: C:\windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 4e0dd139-e0cd-11e1-8783-e02a8249b4ae

Error - 8/9/2012 3:32:44 PM | Computer Name = Anja-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 8/9/2012 3:32:54 PM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmiprvse.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d42 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0xd6c Startzeit der fehlerhaften Anwendung: 0x01cd7665bf5ad351 Pfad der fehlerhaften Anwendung: C:\windows\system32\wbem\wmiprvse.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 03345d48-e259-11e1-9bed-6431506b3c61

Error - 8/10/2012 10:46:04 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x1700 Startzeit der fehlerhaften Anwendung: 0x01cd7706dc5a3a0f Pfad der fehlerhaften Anwendung: C:\windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 1ba4f45e-e2fa-11e1-9bed-6431506b3c61

Error - 8/12/2012 10:11:37 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: defrag.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc4f7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x11c4 Startzeit der fehlerhaften Anwendung: 0x01cd7894613e6bca Pfad der fehlerhaften Anwendung: C:\windows\system32\defrag.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: a0598a94-e487-11e1-9bed-6431506b3c61

Error - 8/14/2012 3:57:49 PM | Computer Name = Anja-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 8/18/2012 5:37:02 AM | Computer Name = Anja-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

Error - 8/18/2012 5:37:16 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79e79 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0xb0 Startzeit der fehlerhaften Anwendung: 0x01cd7d250cdab294 Pfad der fehlerhaften Anwendung: C:\windows\system32\consent.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 4b58b68c-e918-11e1-87fa-e02a8249b4ae

Error - 8/18/2012 6:01:32 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vssvc.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7998d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x7d0 Startzeit der fehlerhaften Anwendung: 0x01cd7d2870a7e296 Pfad der fehlerhaften Anwendung: C:\windows\system32\vssvc.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: afb4b91e-e91b-11e1-87fa-e02a8249b4ae

Error - 8/18/2012 7:17:15 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SCHTASKS.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79da3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x67c Startzeit der fehlerhaften Anwendung: 0x01cd7d33052a3a27 Pfad der fehlerhaften Anwendung: C:\windows\system32\SCHTASKS.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 43574f56-e926-11e1-87fa-e02a8249b4ae [ Hewlett-Packard Events ] Error - 9/27/2012 11:03:46 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 10/31/2012 11:01:50 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 10/31/2012 11:01:59 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 10/31/2012 11:03:01 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 11/8/2012 5:11:09 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 11/8/2012 5:13:40 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 11/8/2012 5:13:41 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 11/15/2012 6:23:20 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 11/15/2012 6:24:35 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = Error - 11/15/2012 6:24:47 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000 Description = [ HP Software Framework Events ] Error - 12/29/2012 2:58:59 PM | Computer Name = Anja-HP | Source = CaslWmi | ID = 5 Description = 2012.12.29 19:58:58.946|00000E94|Error |[CaslWmi]A::A{bool()}|Error connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 8007041d. 
Error - 12/29/2012 3:00:00 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5 Description = 2012.12.29 20:00:00.278|00000E94|Error |[CaslSmBios]hpSMBIOS::D{bool(byte[]&)}|Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) Error - 12/29/2012 3:03:29 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5 Description = 2012.12.29 20:03:29.396|00000E94|Error |[CaslWmi]A::A{bool()}|Error connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 8007041d. Error - 12/29/2012 3:07:01 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5 Description = 2012.12.29 20:07:01.198|00000E94|Error |[CaslWmi]A::A{bool()}|Error connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 8007041d. Error - 12/29/2012 3:08:01 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5 Description = 2012.12.29 20:08:01.367|00000E94|Error |a::a{hpCasl.enReturnCode()}|Registering for SmartAdapter.PluggedIn Failed. RetCode: e_GENERAL_EXCEPTION Error - 12/30/2012 8:49:31 AM | Computer Name = Anja-HP | Source = CaslWmi | ID = 5 Description = 2012.12.30 13:49:31.587|00000BCC|Error |[CaslWmi]A::A{bool()}|Error connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 8007041d. Error - 12/30/2012 8:50:32 AM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5 Description = 2012.12.30 13:50:32.926|00000BCC|Error |[CaslSmBios]hpSMBIOS::D{bool(byte[]&)}|Aufruf wurde durch Messagefilter abgebrochen. 
(Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) Error - 3/15/2013 2:30:10 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5 Description = 2013.03.15 19:30:10.285|000011B8|Error |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error 597 from BIOS WMI call Read/0Fh while getting SmartAdapter state [ HP Wireless Assistant Events ] Error - 3/21/2013 3:42:17 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 4/4/2013 5:57:01 AM | Computer Name = Anja-HP | Source = HP WA Application | ID = 0 Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 4/4/2013 5:57:29 AM | Computer Name = Anja-HP | Source = HP WA Application | ID = 0 Description = MainWindow.ShowImpl; not initialized, closing application... 
Error - 4/19/2013 3:54:59 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 5/11/2013 7:19:33 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 5/11/2013 7:20:15 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 6/18/2013 8:50:48 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 7/8/2013 5:30:30 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetPMCCalibrationData() failed : 597 bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration) bei HPPA_Service.HPPA_Service.ServiceWorkerMethod() Error - 8/7/2013 5:29:14 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetDeviceInfo() failed : 597 bei 
HP_Common.CaslWrapper.GetDeviceInfo(List`1& radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 8/15/2013 2:37:44 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0 Description = System.Exception GetPMCCalibrationData() failed : 597 bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration) bei HPPA_Service.HPPA_Service.ServiceWorkerMethod() [ Media Center Events ] Error - 8/9/2013 6:07:23 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 12:07:22 - Fehler beim Herstellen der Internetverbindung. 12:07:23 - Serververbindung konnte nicht hergestellt werden.. Error - 8/12/2013 7:46:28 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 13:46:26 - Fehler beim Herstellen der Internetverbindung. 13:46:26 - Serververbindung konnte nicht hergestellt werden.. Error - 8/12/2013 8:49:40 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 14:49:36 - Fehler beim Herstellen der Internetverbindung. 14:49:36 - Serververbindung konnte nicht hergestellt werden.. Error - 8/17/2013 2:25:01 PM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 20:25:00 - Fehler beim Herstellen der Internetverbindung. 20:25:00 - Serververbindung konnte nicht hergestellt werden.. Error - 8/19/2013 5:59:13 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 11:59:12 - Fehler beim Herstellen der Internetverbindung. 11:59:13 - Serververbindung konnte nicht hergestellt werden.. Error - 8/19/2013 6:59:31 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 12:59:30 - Fehler beim Herstellen der Internetverbindung. 12:59:30 - Serververbindung konnte nicht hergestellt werden.. Error - 8/19/2013 7:59:46 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 13:59:45 - Fehler beim Herstellen der Internetverbindung. 13:59:45 - Serververbindung konnte nicht hergestellt werden.. 
Error - 8/24/2013 4:44:27 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 10:44:21 - Fehler beim Herstellen der Internetverbindung. 10:44:21 - Serververbindung konnte nicht hergestellt werden.. Error - 9/1/2013 4:30:40 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 10:30:39 - Fehler beim Herstellen der Internetverbindung. 10:30:39 - Serververbindung konnte nicht hergestellt werden.. Error - 9/16/2013 9:13:01 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0 Description = 15:12:40 - Fehler beim Herstellen der Internetverbindung. 15:12:41 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%126 Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%126 Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%126 Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%126 Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem 
Fehler beendet: %%126 Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%126 Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%126 Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%126 Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 < End of report > |
13.11.2013, 18:08 | #5 |
/// TB-Ausbilder | Avira found Trojan tr/mediyes.gen
Hi, there are still remnants of Mediyes on your computer. In addition, you are still infected with adware and unwanted software. We'll take care of that:
Step 1 Fix with OTL
Code:
:services
Update-Service
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
:Commands
[emptytemp]
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please close your security software to avoid possible conflicts.
Step 4 Please download Malwarebytes Anti-Malware.
With your next reply, please post
|
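The `:reg` section of the OTL fix in the post above stores its data as `hex(2)` (REG_EXPAND_SZ, UTF-16LE bytes), so what it writes is only visible after decoding. The following Python is an added example, not part of the helper's post or of OTL: it decodes the value and compares `ServiceDll` against a baseline. The function names, the baseline table (built from the value the fix itself writes) and the mismatch sample are assumptions made for illustration.

```python
import re

# Copied from the ":reg" section of the OTL fix in the post above.
OTL_REG_SECTION = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
'''

# .reg type tags for single-string data stored as UTF-16LE bytes.
HEX_TYPES = {"hex(1)": "REG_SZ", "hex(2)": "REG_EXPAND_SZ"}
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<type>hex\([12]\)):(?P<data>[0-9a-fA-F,\s]*)$'
)
SERVICE_RE = re.compile(r"\\services\\([^\\]+)\\Parameters$", re.IGNORECASE)

# Assumption: baseline built from the value the fix itself writes.
BASELINE = {"lanmanworkstation": r"%SystemRoot%\System32\wkssvc.dll"}


def parse_reg_strings(text):
    """Return {(key, value_name): (type_name, decoded)} for hex-encoded strings."""
    # regedit wraps long hex data with a trailing backslash; undo that first.
    joined = re.sub(r"\\[ \t]*\r?\n[ \t]*", "", text)
    values, key = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if key is None or match is None:
            continue
        raw = bytes(int(tok, 16) for tok in match["data"].split(",") if tok.strip())
        if len(raw) % 2:
            raise ValueError(f"odd byte count in {match['name']}: not UTF-16LE")
        # Strip the terminating NUL that the registry stores with the string.
        decoded = raw.decode("utf-16-le").rstrip("\x00")
        values[(key, match["name"])] = (HEX_TYPES[match["type"]], decoded)
    return values


def normalize(path, system_root=r"C:\Windows"):
    """Expand %SystemRoot% and fold case so equivalent paths compare equal."""
    expanded = re.sub(r"%systemroot%", lambda _m: system_root, path,
                      flags=re.IGNORECASE)
    return expanded.replace("/", "\\").lower()


def audit_service_dll(values, baseline=BASELINE):
    """Compare every ServiceDll value against the baseline for its service."""
    findings = []
    for (key, name), (_type, data) in values.items():
        service = SERVICE_RE.search(key)
        if name.lower() != "servicedll" or service is None:
            continue
        expected = baseline.get(service.group(1).lower())
        if expected is None:
            status = "no baseline"
        elif normalize(data) == normalize(expected):
            status = "ok"
        else:
            status = "mismatch"
        findings.append((service.group(1), data, status))
    return findings


def encode_hex2(value):
    """Encode a string the way a .reg export writes REG_EXPAND_SZ data."""
    return ",".join(f"{b:02x}" for b in (value + "\x00").encode("utf-16-le"))


# Constructed sample: the same value pointing at an unexpected placeholder path.
CONSTRUCTED_MISMATCH = (
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services"
    "\\LanmanWorkstation\\Parameters]\n"
    '"ServiceDll"=hex(2):' + encode_hex2(r"C:\ProgramData\placeholder.dll") + "\n"
)

if __name__ == "__main__":
    for sample in (OTL_REG_SECTION, CONSTRUCTED_MISMATCH):
        for service, dll, status in audit_service_dll(parse_reg_strings(sample)):
            print(f"{service}: {dll} -> {status}")
```

The same comparison applies to any service hosted in svchost.exe whose `Parameters\ServiceDll` is exported to a .reg file, once a baseline entry for that service is added.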
13.11.2013, 20:49 | #6 |
| Avira found Trojan tr/mediyes.gen
Log file of the OTL fix
Code:
All processes killed
========== SERVICES/DRIVERS ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anja
->Temp folder emptied: 602429813 bytes
->Temporary Internet Files folder emptied: 19498868 bytes
->Java cache emptied: 9482767 bytes
->FireFox cache emptied: 415826057 bytes
->Google Chrome cache emptied: 407134986 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 101301 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 575906434 bytes
->Temporary Internet Files folder emptied: 2084150 bytes
->FireFox cache emptied: 6734463 bytes
->Flash cache emptied: 56914 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 114000 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 195727466 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36046003 bytes
RecycleBin emptied: 677744 bytes

Total Files Cleaned = 2,167.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11132013_185649

Files\Folders moved on Reboot...
C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
ATTFilter # AdwCleaner v3.012 - Bericht erstellt am 13/11/2013 um 19:21:14 # Updated 11/11/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Anja - ANJA-HP # Gestartet von : C:\Users\Anja\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BabylonUpdater Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\clsoft ltd Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\ProgramData\RightClick Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder Ordner Gelöscht : C:\Program Files (x86)\ExpressFiles Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar Ordner Gelöscht : C:\Program Files (x86)\MagniPic Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader Ordner Gelöscht : C:\Users\Anja\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Anja\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\Anja\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\Anja\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Media Finder Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\yourfiledownloader Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\facemoods.com Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com Ordner Gelöscht : C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Datei Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\user.js ***** [ 
Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mj-studio_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mj-studio_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\ExpressFiles Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\MediaFinder Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StartSearch Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\ExpressFiles Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\Software\SP Global Schlüssel Gelöscht : HKLM\Software\SProtector Schlüssel Gelöscht : HKLM\Software\Vittalia Schlüssel Gelöscht : HKLM\Software\YourFileDownloader Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\magnipic\sprote~1.dll ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16457 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] -\\ Mozilla Firefox v [ Datei : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\prefs.js ] Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false); Zeile gelöscht : 
user_pref("extensions.BabylonToolbar.prtkDS", 0); Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gelöscht : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)"); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); [ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i0d523rf.default\prefs.js ] Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}"); -\\ Google Chrome v [ Datei : C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [12452 octets] - [13/11/2013 19:18:35] AdwCleaner[S0].txt - [11457 octets] - [13/11/2013 19:21:14] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11518 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 7 Professional x64 Ran by Anja on 13.11.2013 at 19:46:05,15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C92A092-F416-4AA5-A542-77E5EBA75736} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Anja\appdata\locallow\datamngr" Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{001BE13F-FE02-40F9-8C62-AEAE823CE9A1} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{00575BFE-9AC8-4B9A-BFE5-3EEC66DACF68} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{007F51D0-5321-4F18-A57A-FD41547ED48A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{00F0B30C-F1E2-4A72-BBCA-BECC436B71BA} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{01422EFC-3B30-4E15-9DA8-43D7C5903F2B} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{015FBFDD-84F7-478C-87F5-71630EA21A45} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{01C14568-81F8-4A16-A2DC-20EA1C612301} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{020A65ED-F5D8-407D-A2D3-E0E7E21E095C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{0237D3BE-EEA9-4584-A349-C96488DA6AE5} Successfully deleted: [Empty 
Folder]
C:\Users\Anja\appdata\local\{924B8F7E-ADA9-4DC1-BD19-ED8730A68783} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9297A23E-7A17-4C14-9589-72C6C41D3008} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{929BCC0B-3512-4AD1-B1EF-629C5E80FD96} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{92ADED59-8C98-47C6-9847-7A5D5E414ED9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93753F91-DF0B-48DF-AE0B-91142B4DE14D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93858B89-D40F-4C05-82AB-D6DE98D7A781} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93C13575-9C05-434E-890B-3E3CA746AD19} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93CE7780-3265-4B91-9B9D-C6D0BCF3FABB} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9432D393-B663-41ED-91FC-04BF40FD4BFA} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{946EDEA5-5A9E-4217-8E09-975803C5610B} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{961CC196-A1EE-4A6A-A8EC-FD3064126198} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96599C35-5E0E-4C0F-9B4A-290F9CFC1EA8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{966D2B2F-1D2A-42F1-AEF8-5CC7A4BF2858} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96A0071A-12E6-4CFA-9D03-BC12B6CDC55A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96E0FF46-9143-45FE-9F39-E35B428DCFC1} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96F8DE14-FAA6-4F32-9429-88852FC91439} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9746DCE9-F335-445D-BCAF-F8D2F476B5DF} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{97A1120D-C99E-4598-977F-838AF3BBEAE8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{97A48E15-5580-4E66-9C83-AA0C92CDC36D} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{97DABED2-EC0F-4632-87A4-4F652446B816} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{97DFFEBB-B862-419D-8D4B-526BD0F3E5C5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{984DF10F-3139-4CD0-95DD-76270F661129} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{997F46C8-2DB0-4162-AF6C-AD27EB26F7A6} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9A50CC3F-8F70-4DC1-AC35-02C6621F77E2} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9AD05902-1A3E-4C71-AEC6-3B8074194794} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9AEF0853-7CA4-405F-A549-6BAB98CBFBE5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9B5CCB2D-55CB-4619-83AE-6E25A5393848} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9B9690E9-AE6E-4E8A-88CD-5C07D1EAA807} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BA20F36-E6AB-4D54-B245-3BF4EF899072} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BBDB8BE-ADD2-4DFB-983C-001C8D0D65C8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BC38920-22D5-4C80-8A9A-C833E5203745} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BEB70A3-C98D-462F-94FA-0586A9D2CF52} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BFA521A-76DE-4894-BED5-068D53DCFFAE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9C2183AD-2307-4627-9C1A-8D73EDAA572B} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9C66E84B-FE22-41D5-9F02-08CD70DCF016} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9C81DF49-D574-4135-AE91-0806A89CE0B6} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9D5F02A4-861F-44DA-9C2B-EB0B32699F47} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9DF9EDD1-B036-4C88-823B-7ED2B5F63A10} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{9E4185BE-F574-4BF7-BAA9-677163CD5EB8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9E5DA368-C101-4543-8131-E10CE9BAC305} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9E8894AE-B217-44C1-A745-E888FE499BE7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EA63F34-F5D9-4117-8597-35DF555145C6} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EE23DD7-3787-4B9A-BCC2-8E2F5F0409A8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EE5D4C9-38A6-4F0B-8262-0CFC6BF7D369} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EFDDED9-CCA3-4EA7-977A-411268C9ECB7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9F508FDA-D722-4AA7-8A80-8A9F4B6E7111} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A059DCF3-F53B-4FE8-9C2C-45BA52AC95FE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A07E77E7-F27F-46AF-8A59-078E38F275E7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A0804CE2-BB42-405F-95A9-21F08A29B84C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A16D81E7-D15B-4988-8F4F-78594F998EAD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A1D79073-07D5-4F39-B0E9-030A5ACA4742} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A1E89F35-8C8F-46AC-A2AA-A7024409DB21} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A22A9BF2-4ED6-48EC-B82A-3FE030D9FBC3} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A27CACC7-DE4E-4C51-A98A-FB360AA2963A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A2866FD2-4FA6-4A66-AEFA-5C2EA9FCF1A5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A3018F9D-8BC0-4B67-88D5-AB0DDDF00A34} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A366BBFB-19FE-4B35-98FE-2CE8DE672A66} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{A391697E-F240-40EB-BD0F-1EBE87BBB32B} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A3A63358-41C7-4673-8CFA-CD7CF6ACCF6E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A3CD8793-2DC7-4281-AFB2-E32961774216} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A400FBEE-0781-422A-9503-61F274213727} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A4DF34B7-5382-4BC7-9DBC-6E54D508E87C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A55D6178-81E2-4720-81DD-F45BD9F551B8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A5BB18EC-B9A9-42FB-922F-E3C5D7927AF7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A6926EB7-FC1B-457E-BEC8-A1F8C6A2577A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A6B70E0D-8FB1-4664-AD46-E3368926B617} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A6C719B8-FE01-405F-9E9B-3B3B790F8C9F} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A72272F5-1547-406B-AFBC-12A3AE604EED} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A75FD6C2-7F8F-4D55-B5BC-FA5F64B0C8F7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A786A4EE-502B-47DB-95DE-9812EE42F882} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A7A2B1F8-5FC2-48D5-86B3-9B3B47FE507D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A8113341-9151-430F-A5AB-C3BEAADC3173} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A869AF50-B78E-437A-BF76-62E3EEEE4C48} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A8B34496-B62C-4ABF-B2D6-4B5162CABEDC} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A8E610FC-ED6F-4306-9D37-67521D554662} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A9971C8C-FCB4-439B-BA61-DF57879B7463} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{A9C7AE72-4260-48FA-93DD-DD4D9A601EBD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AA3AAEC5-BEA4-4932-ADD5-9E1FEABBF8BE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AA65164C-67BA-4CD1-9973-749C2FFBEC12} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AB04498C-ECAC-4EF4-A4C7-D6878F65D7B8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AB0AB631-2F02-4AEE-92AB-CAFE7AFB03DD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AB85EFDB-A1C8-425E-B1D7-1A3E9DB75CE9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AD03CA33-0F89-48F4-A4BC-5C3E86AE364B} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AD51D4F3-955C-42BD-8198-71FEA249D367} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{ADEBA2B6-4A8B-4934-80F8-417EB4C7C430} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AE2ED5C1-5F6C-49D2-853B-100A95EF0930} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AE612A59-1F87-4D99-97AB-AE0D8A8B2C12} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AE824F95-03B0-48FD-8A70-442C48274C4F} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AEF03A84-4780-40AF-A802-E80BB208D24A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AFDDD416-6F9A-4224-B252-A6FBAF980C87} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B0D2C3C5-C1DC-44AD-A87F-602261F56647} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B0D4A45B-072F-4D51-A7E1-7ABC43097A14} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2431322-625D-497C-84A4-9258EFD5BFF8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2717228-F3FA-49CB-887D-6E5EF6A322C7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B29C2DCF-FE3E-4DF7-A282-AA1693FDD266} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{B2BAB039-3E7A-4599-B940-E7CA648FACD4} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2CF853C-E442-4B27-BF0D-04FE97056464} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2DD219E-9744-48BC-8CB0-949ACBD6C435} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2EC07AF-CE3E-400F-9876-3408F5035C65} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2F572E1-A0F3-475C-A9F7-5774F7B65889} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B30BCD61-8F63-40A3-A9D5-0E029BCD46EC} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B36F1962-CCB7-4D7D-B13A-FB13AB7E2AB6} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B375EAAB-D7A0-4A93-898E-3BD73C06E344} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B3D9127B-E317-478E-9A64-D455B89E7FFD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B41C9C93-7E92-4C7A-9915-A7D9884C8C60} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B49542EE-ED6D-4EF0-B241-B5F35012C7E8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B4F58925-DF72-48B1-9516-4419F69459A5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B553C0A9-80CB-422E-B107-739571D11A68} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B5A86B83-133E-41BF-98C7-E8BD4D79281F} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B617CB14-F776-4AFA-B830-0ECC5F8989BC} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B61CF9F5-B398-4B3B-BE25-20AD67464B8A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B6CF4BBF-980E-4C70-97ED-359CF64A69F1} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B76282A9-B0AF-4044-BD3F-8CD9FE55FC83} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B7D164D1-B320-4164-B689-6CBBBAD856D3} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{B8AEDF83-7EE9-4A9C-95FB-F5E42108A0C5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B8E0B8BB-301B-4095-8BEA-56E93ADF5550} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B8E2D615-B861-469A-B0A2-B49205AD6232} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B9335A49-CCD4-4C3B-944B-6E9595C427C0} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B93D408B-1CAB-494E-BDCA-C25BA1C0937D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BA6C5763-76BE-4B9D-81F9-2A0AF4A4FDF8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BA89C3CE-14A5-4AA2-B2C8-955C4F2B951A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BAE64349-8E1C-4331-9B7B-6ECB2CBD1729} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BAF80117-DDB0-43D8-A59F-656CD94E0ADF} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BB1F4439-F53E-4B45-9C85-D6E5EE4C93E8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BB76B79F-1FC3-4021-A43E-FF9801942FBE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BB8BFF4F-6803-49E5-BB1A-FA7968A7FE8E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BC779EAA-8F7E-483E-9D18-5713106EA182} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BCA8F5DD-3F8E-4EB0-A511-D7D1863504BB} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BCE2B4A0-C26E-4AEC-82BC-9449B14F3D78} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BCF4E29E-5FB5-451D-BE02-56C9EA91AC0C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BD6C6292-5464-4464-83FF-382979328BF6} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BD9C02FF-DF2B-4A6D-A6E3-0CBBDB111559} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BDE84F83-7350-452B-9519-3D08389395FA} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{BE4711A5-C4F8-439A-B34E-60BF2FDFC1F9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BE8C3C5F-73B5-4476-8E72-76C388CC55C5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BEDA1BED-A0A8-409C-8A30-BD4941E21EFD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BF601E7C-548D-40DA-8446-154756DF5024} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BF920F1E-08C3-4C31-BA38-75DF72D722F7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BF943B0B-4DE7-49B4-B5BC-73D5A0812383} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C004536D-0F48-4750-A79C-D335998DAE39} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C05B83C9-0F00-4BE4-8481-723B75B10638} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C0F743EC-9031-45BF-991A-FA9611050DA5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C1F8FFD2-33A6-4863-99BE-49D0FFA9202E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C26BF1CF-C65D-4898-9492-3BE32FCA555F} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C270558A-37B4-4E1B-A3E9-48741019A8E9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C2902D45-D13E-496E-81FE-EBE72B35CA98} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C2A3AADB-7BB6-4CE8-BF8B-3A243C8CEEE9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C38EA6B8-01FF-4E85-B995-9B738CCB8677} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C3F07004-8DAF-4E1A-BED5-74A4B6719512} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C4785231-8188-4C37-9D97-95A729B2468C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C4E684ED-8F59-4B37-8C45-EBB23062E5D7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C52BD7BF-3DF6-4725-A9A6-97F7C91EC82C} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{C58858DD-2D99-4415-9C01-E614524D2664} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C6296497-4439-43F9-9481-F80474831081} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C65B2566-A34F-4F43-96A6-3906036BBCB3} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C65CE090-F426-4F35-BDA6-D05B57C0E727} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C68267A9-1AEC-424E-9A67-11A3AF1EB170} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C6926C4B-590B-4501-A584-36E5A63B28DE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C6FFD51A-CE51-4771-AD9B-7074FD5A08F7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C7141693-1A40-4515-97F1-94587EE2373F} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C7874CE3-4443-4F70-B7A6-3D7F74849A3C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C7989BC1-53CE-422A-90EB-6E05E3731D38} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C7A3D162-8764-4DA1-AECB-BABDA1A015B9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C7D7C174-87E6-49A0-9861-86D642831C70} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C7E3165C-08A0-4062-8D9F-B5C55F4C7B3A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C80621FE-FEA9-4D68-88CE-819DE931AC7D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C8065619-23C4-4446-B950-CA9162D54104} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C844187E-59C6-454D-A563-B812084657B1} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C85B7647-4C1D-4160-A1D9-4B9014305AB2} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C963F9D8-DF88-44DC-96F9-AD403DFF694E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{C98221CA-B015-4E55-9A3E-6A31E7E16BE7} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{CA768A58-D7C4-4A8D-89FB-B85C49345B0F} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CA88F34F-9F37-4987-9FD9-195950ACC76D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CA9DE0AD-43EA-409C-94E8-F47BEC2B3494} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CB06A848-FA43-4B83-98C8-0E5CAD5DEF70} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CB2A71E7-65FB-4FBF-93FE-C3AEED221813} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CB5A4A7E-9D83-4C29-A513-D804099C91D8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CBDC070A-EA02-44DA-9A0C-7EBE80CFA261} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CD363335-7858-4D1F-989E-C2E9E721102B} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CDC3E5C5-DE2A-460C-8C2B-A38A752C47E0} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CE1B7B00-4B45-40E0-819E-FDF010BC3949} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CE9D22C0-48EB-4F84-946A-7C8FC8F9BFA9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CEA592C1-E26B-4216-99AA-059A82A15CDC} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{CF32EB01-07E2-4A73-8D10-0D6C82D3E1CD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D03654FD-D163-4C02-A417-F514220FAFD1} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D07D86A8-A20C-47E8-9045-17A58588AFAD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D0F58798-D27A-4E6A-9B22-EFF9A6DA2ABE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D114A7C9-4D06-4B31-8A78-A21C5BD266FB} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D20BF1D7-7159-4C8D-BDEE-28E206126AE8} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D2258E63-E77D-40CA-AFF4-45046BC0EC4B} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{D25CBC76-88F5-4F94-B60E-6DCA8C8FB88D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D2DCE3BF-55A3-460F-95CA-91FA32C2A6F2} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D305E9FA-1680-44D0-B4A4-91E79BF6A502} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D32E73F9-164A-492A-8ABF-46479ED10508} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D4133B67-F309-4F0B-8E3C-0EC009A3A115} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D41E4132-E2EF-480F-8E77-8576FFEB387D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D4371291-9ED3-451F-A826-9B8F40EED23C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D48C0A21-0C3E-47E5-8FDB-CBEE8D5CEEC9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D4C4DFE7-F6C6-4947-9848-8685E84102A3} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D56FD96C-0539-4CC2-BE82-1E7C57B5B607} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D5A2A205-EDB3-4758-8F09-59FADBF5A0CD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D5A2E7B7-24AB-4ADA-B134-17846686E7E7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D5A87AF8-0F6E-491D-B061-40C5DAE6A2A9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D5E05E70-7F38-4FD7-B612-0CCD2D8A6232} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D6447622-16B8-4A23-8042-44D92489FB12} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D645EFBF-5E57-4E9E-915B-D9EF2BA3DE9A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D700F990-AC0A-455F-9B5A-F928513DBF11} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D72ACCBD-36F5-4705-BE89-5886CF6E7441} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D791E100-A951-4D78-B6E3-768211729F0D} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{D7FD0D17-BCB6-45F7-AA8F-DBEB43A68965} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D7FF3495-DE65-43DE-AB13-4C6A7C6C5BE1} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D80E9F75-10DB-4C48-8660-2490D55D1C27} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D941100F-B582-485C-BFA2-76462489D23A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D9F74CC1-6675-452E-AEF5-34E840F9159A} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{D9F8B07E-9B7B-4230-81B1-934BAF947136} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DA2822CD-6B0F-4350-9A71-43BAC0FC5562} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DA55FF90-8CAF-4334-A4B8-4B3FBF11793C} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DA6070DB-DD9A-495C-B96C-5583D0E0EB0D} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DA6549DC-6F2E-434B-A983-9FA8139A42F1} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DB3F0163-9C0F-427B-8CF8-D9C20501A5FE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DC41414F-A651-4FAF-8CE4-78C59212A6C3} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DC9FC6C4-38E9-42D7-93DC-A2560D1FACDD} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DCC78E8B-7DC3-441A-B13C-AB164A1F4163} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DD14A8FA-7DD9-434B-9B15-1D2465817EC9} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DD5260A0-FD54-40E2-84DF-AC38E483E12E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DD57D282-B297-40D2-935B-C5AC2BF18994} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DE0ACAFE-DFAE-44D1-A8EC-FA2DA1AAE7D2} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DEC1E18C-31AB-4C92-8481-BB7AC8D3050F} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{DF230B03-7C3C-47BC-A6C4-766103AFF303} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DF7C819A-A6C9-46A5-B36C-FAEDF2084FC7} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{DF8143E1-DCB7-43D0-B21E-05D80A2E1232} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E19C40BE-4CAD-4806-BC9D-592E197649D5} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E1ABA728-C881-4C35-BD55-D4DE4E5BD63E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E1BC9A35-BF1B-447A-BDEC-4BE4116BE69E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E21CDDC1-994D-4163-BB8E-DA832A044D6E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E2366277-DBBD-4DE1-809A-BDDD54778624} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E25C98FB-8BAA-4767-9C9F-B35C842270D0} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E2CDE4A2-3F20-4B90-B967-69A9E109AAEF} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E30B12DD-645A-4D1D-8F11-A3BDE53948EE} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E3A6201A-A18F-4437-B5C9-2D3F2BA6ACA4} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E3B7247C-B5E5-409D-B3D4-5EB4FF044A68} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E44E602E-EED7-4C6A-92C1-5DD49F882485} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E585CC77-A9B1-492F-9054-E1D8AF998E66} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E5899508-5B6A-441D-BA97-CB60E774DA3E} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E597655C-D13B-4E61-819F-66900DCFEC4B} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E5CF1D30-0F2A-4323-9F54-EE9912E2DA49} Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{E5D6D24C-6225-4C99-9A5C-E8D22AC7319D} Successfully deleted: [Empty Folder] 
C:\Users\Anja\appdata\local\{FA1DCBA3-891D-4479-B233-BF61BDD11E01}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FA50024A-1178-4A79-9CDE-C4239B3CC69E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FA73E340-DC61-4F08-B6FB-4D213C3E30FF}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FAF1EF35-E21B-4525-B45D-BF1EE8303B5E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FB894500-2570-4C36-8A2D-1A2323467BCD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FBE1E6B8-AA2E-428B-A2FB-386888D56C34}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FEAF57C4-D767-4628-AB98-1BE3D44158F3}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FECDC011-22FC-4F04-9F3E-91D84968FA7E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{FFD961DE-BF30-4A90-9554-B5ED09E84B85}

~~~ Chrome
Successfully deleted: [Folder] C:\Users\Anja\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.11.2013 at 20:00:06,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anja :: ANJA-HP [Administrator]

13.11.2013 20:09:13
mbam-log-2013-11-13 (20-09-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228442
Laufzeit: 15 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anja\Downloads\petz_5_full_version_free_downloader_de_99028.exe (PUP.Optional.GoForFiles.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
14.11.2013, 17:12 | #7 |
/// TB-Ausbilder | Avira found Trojan tr/mediyes.gen
Hi,
We are tracking down the last remnants so that we can remove them later:
Step 1
Control scan with FRST
Run a scan with FRST as described before. To do so, tick the Addition.txt box at the bottom right and click Scan. Two log files will be created again. Post them for me.
Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop: SystemLook (32 bit) | SystemLook (64 bit)
Are there still problems with malware? If so, which ones? How is the computer running at the moment? Please post with your next reply
|
16.11.2013, 10:36 | #8 |
| Avira found Trojan tr/mediyes.gen
FRST files
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Anja (administrator) on ANJA-HP on 15-11-2013 22:08:46
Running from C:\Users\Anja\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\windows\system32\atibtmon.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-10] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-02] (SUPERAntiSpyware)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
MountPoints2: G - G:\Start.exe
MountPoints2: I - I:\StartVMCLite.exe
MountPoints2: K - K:\StartVMCLite.exe
MountPoints2: {180be4f9-b3b5-11e0-bd63-e02a823e4d52} - D:\Autorun.exe
MountPoints2: {222fe124-e847-11e0-91b6-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {222fe126-e847-11e0-91b6-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {222fe14e-e847-11e0-91b6-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {222fe150-e847-11e0-91b6-e02a8249b4ae} - K:\StartVMCLite.exe
MountPoints2: {427208f8-cd8c-11e0-b1f0-e02a823e4d52} - J:\StartVMCLite.exe
MountPoints2: {427208fb-cd8c-11e0-b1f0-e02a823e4d52} - I:\StartVMCLite.exe
MountPoints2: {58d8cf7d-a63b-11e0-9b6b-e02a8249b4ae} - D:\StartVMCLite.exe
MountPoints2: {58d8cf7f-a63b-11e0-9b6b-e02a8249b4ae} - J:\StartVMCLite.exe
MountPoints2: {58d8d13c-a63b-11e0-9b6b-e02a8249b4ae} - E:\Autorun.exe
MountPoints2: {6ba11c07-a93b-11e0-b5b3-e02a823e4d52} - D:\StartVMCLite.exe
MountPoints2: {6ba11c09-a93b-11e0-b5b3-e02a823e4d52} - I:\StartVMCLite.exe
MountPoints2: {7041cde0-7a92-11e1-92b0-6431506b3c61} - H:\pbsstart.exe
MountPoints2: {7e0b703e-e902-11e0-919e-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {7e0b7040-e902-11e0-919e-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {affefa94-300c-11e2-985a-e02a8249b4ae} - I:\Windows\StartInstall.exe
MountPoints2: {e2475866-a18a-11e0-991f-e02a8249b4ae} - D:\StartVMCLite.exe
MountPoints2: {e2475870-a18a-11e0-991f-e02a8249b4ae} - D:\StartVMCLite.exe
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-04] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\Gast\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Gast\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\Gast\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\Gast\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
AppInit_DLLs: [0 ] ()
Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {88E53329-7746-4236-941E-982AD23A3C71} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908183258.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - No File
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: https://www.google.de/
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\searchplugins\privitize.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF Extension: No Name - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome:
=======
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Safe Money) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0
CHR Extension: (Anti-Banner) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Anja\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-04] (Kaspersky Lab ZAO)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-02-04] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2010-02-08] (McAfee, Inc.)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2012-01-18] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-01-04] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-01-04] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-01-04] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2013-01-04] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121760 2010-02-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-02-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [527592 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94224 2010-02-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [280008 2010-02-08] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2012-04-30] (Macrovision Europe Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-08-13] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-15 22:08 - 2013-11-15 22:11 - 00020715 _____ C:\Users\Anja\Downloads\FRST.txt
2013-11-15 22:03 - 2013-11-15 22:04 - 01957794 _____ (Farbar) C:\Users\Anja\Downloads\FRST64.exe
2013-11-15 19:51 - 2013-11-15 19:51 - 00015581 _____ C:\Users\Anja\Desktop\Nachtrag.ods
2013-11-15 15:43 - 2013-11-15 15:43 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-11-15 15:40 - 2013-11-15 15:40 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk
2013-11-15 15:32 - 2013-11-15 15:32 - 00003046 _____ C:\windows\System32\Tasks\{755B076A-C28C-4BE3-A000-452A4D9791AA}
2013-11-15 14:44 - 2013-11-15 14:44 - 00002282 _____ C:\Users\Public\Desktop\Die Sims™ 3 Diesel Accessoires.lnk
2013-11-15 14:01 - 2013-11-15 14:01 - 00002292 _____ C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
2013-11-15 13:54 - 2013-11-15 13:54 - 00002256 _____ C:\Users\Public\Desktop\Die Sims™ 3 Luxus-Accessoires.lnk
2013-11-15 13:38 - 2013-11-15 13:38 - 00002346 _____ C:\Users\Public\Desktop\Die Sims™ 3 Design-Garten-Accessoires.lnk
2013-11-15 13:27 - 2013-11-15 13:27 - 00002318 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumsuite-Accessoires.lnk
2013-11-15 13:14 - 2013-11-15 13:14 - 00002274 _____ C:\Users\Public\Desktop\Die Sims™ 3 Stadt-Accessoires.lnk
2013-11-15 13:05 - 2013-11-15 13:05 - 00002246 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-11-15 12:46 - 2013-11-15 12:46 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
2013-11-15 12:29 - 2013-11-15 12:29 - 00002264 _____ C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
2013-11-14 22:10 - 2013-11-14 22:10 - 00002192 _____ C:\Users\Public\Desktop\Die Sims™ 3 Showtime.lnk
2013-11-14 21:25 - 2013-11-14 21:25 - 00002210 _____ C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
2013-11-14 21:00 - 2013-11-14 21:00 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
2013-11-14 20:29 - 2013-11-14 20:29 - 00002086 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-11-13 20:06 - 2013-11-13 20:06 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-13 20:05 - 2013-11-13 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 20:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-13 20:04 - 2013-11-13 20:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-13 20:00 - 2013-11-13 20:00 - 00075181 _____ C:\Users\Anja\Desktop\JRT.txt
2013-11-13 19:45 - 2013-11-13 19:45 - 00000000 ____D C:\windows\ERUNT
2013-11-13 19:43 - 2013-11-13 19:43 - 01034531 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-11-13 19:16 - 2013-11-13 19:21 - 00000000 ____D C:\AdwCleaner
2013-11-13 19:15 - 2013-11-13 19:16 - 01085542 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-11-13 19:11 - 2013-11-13 19:12 - 00001069 _____ C:\Users\Anja\Desktop\SRWare Iron.lnk
2013-11-13 19:11 - 2013-11-13 19:11 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2013-11-13 18:56 - 2013-11-13 18:56 - 00000000 ____D C:\_OTL
2013-11-13 18:51 - 2013-11-13 18:51 - 00001004 _____ C:\Users\Public\Desktop\SRWare Iron.lnk
2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Users\Anja\AppData\Local\Chromium
2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Program Files (x86)\SRWare Iron
2013-11-13 18:50 - 2013-11-13 18:50 - 30706620 _____ (SRWare ) C:\Users\Anja\Downloads\srware_iron.exe
2013-11-13 18:47 - 2013-11-13 18:47 - 00000966 _____ C:\Users\Anja\Desktop\Continue Zip Extractor Installation.lnk
2013-11-13 18:32 - 2013-11-13 18:32 - 00000000 ____D C:\Users\Anja\AppData\Roaming\TP
2013-11-13 12:59 - 2013-11-13 12:59 - 00100712 _____ C:\Users\Anja\Desktop\Extras.Txt
2013-11-13 12:56 - 2013-11-13 12:56 - 00194440 _____ C:\Users\Anja\Desktop\OTL.Txt
2013-11-11 18:27 - 2013-11-11 18:27 - 00602112 _____ (OldTimer Tools) C:\Users\Anja\Desktop\OTL.exe
2013-11-11 17:03 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 16:32 - 2013-11-11 16:32 - 00001362 _____ C:\Users\Anja\Desktop\quarantaene.txt
2013-10-29 22:21 - 2013-10-29 21:28 - 00032697 _____ C:\Users\Anja\Desktop\FRST_29-10-2013_21-28-06.txt
2013-10-29 22:21 - 2013-10-29 21:28 - 00029935 _____ C:\Users\Anja\Desktop\Addition.txt
2013-10-29 22:15 - 2013-10-29 22:15 - 00001202 _____ C:\Users\Anja\Desktop\Gmer.txt
2013-10-29 21:39 - 2013-10-29 21:40 - 00377856 _____ C:\Users\Anja\Downloads\gmer_2.1.19163.exe
2013-10-29 21:25 - 2013-10-29 21:28 - 00030958 _____ C:\Users\Anja\Downloads\Addition.txt
2013-10-29 21:17 - 2013-10-29 21:17 - 00000000 ____D C:\FRST
2013-10-29 21:12 - 2013-10-29 21:12 - 00000540 _____ C:\Users\Anja\Downloads\defogger_disable.log
2013-10-29 21:12 - 2013-10-29 21:12 - 00000168 ____C C:\Users\Anja\defogger_reenable
2013-10-29 21:09 - 2013-10-29 21:12 - 00050477 _____ C:\Users\Anja\Downloads\Defogger.exe
2013-10-29 20:28 - 2013-10-29 20:28 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Avira
2013-10-29 20:21 - 2013-10-29 20:21 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\ProgramData\Avira
2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-29 20:20 - 2013-10-10 19:14 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-10-29 20:20 - 2013-10-10 19:14 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-10-29 20:20 - 2013-10-10 19:14 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-10-29 20:20 - 2013-10-10 19:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-10-29 20:16 - 2013-10-29 20:16 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-29 20:16 - 2013-10-29 20:16 - 00000000 ____D C:\Users\Anja\AppData\Roaming\SUPERAntiSpyware.com
2013-10-29 20:15 - 2013-10-29 20:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-29 20:15 - 2013-10-29 20:15 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-29 20:09 - 2013-10-29 20:09 - 27866848 _____ (SUPERAntiSpyware) C:\Users\Anja\Downloads\SUPERAntiSpyware.exe
2013-10-29 20:08 - 2013-10-29 20:09 - 123853152 _____ C:\Users\Anja\Downloads\avira_free_antivirus_de.exe
2013-10-19 17:26 - 2013-10-19 19:20 - 00000000 ____D C:\Users\Anja\Desktop\19.10.2013

==================== One Month Modified Files and Folders =======

2013-11-15 22:11 - 2013-11-15 22:08 - 00020715 _____ C:\Users\Anja\Downloads\FRST.txt
2013-11-15 22:08 - 2013-03-09 13:11 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 22:04 - 2013-11-15 22:03 - 01957794 _____ (Farbar) C:\Users\Anja\Downloads\FRST64.exe
2013-11-15 22:01 - 2012-03-18 17:42 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 22:00 - 2011-10-10 18:52 - 00001116 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA.job
2013-11-15 22:00 - 2011-10-10 18:52 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core.job
2013-11-15 21:55 - 2010-11-30 07:36 - 02014866 _____ C:\windows\WindowsUpdate.log
2013-11-15 21:54 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 21:54 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 21:47 - 2012-05-07 11:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-15 21:44 - 2012-03-18 17:42 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 21:43 - 2013-04-04 12:35 - 00036261 _____ C:\windows\setupact.log
2013-11-15 21:43 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-15 19:51 - 2013-11-15 19:51 - 00015581 _____ C:\Users\Anja\Desktop\Nachtrag.ods
2013-11-15 19:34 - 2011-07-04 20:17 - 00000000 ____D C:\Users\Anja\AppData\Roaming\uTorrent
2013-11-15 19:28 - 2011-07-04 20:22 - 00000000 ____D C:\Users\Anja\Downloads\The Sims 2 Seasons
2013-11-15 19:03 - 2013-04-05 19:23 - 00187178 _____ C:\windows\PFRO.log
2013-11-15 15:49 - 2013-04-18 17:10 - 00000000 ____D C:\Users\Anja\Documents\Electronic Arts
2013-11-15 15:47 - 2011-08-13 12:02 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Origin
2013-11-15 15:47 - 2011-08-13 11:59 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-15 15:43 - 2013-11-15 15:43 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-11-15 15:43 - 2013-06-21 21:35 - 00001092 _____ C:\windows\KB893803v2.log
2013-11-15 15:43 - 2011-08-13 12:00 - 00000000 ____D C:\ProgramData\Origin
2013-11-15 15:40 - 2013-11-15 15:40 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk
2013-11-15 15:37 - 2011-07-08 09:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-11-15 15:37 - 2010-09-09 01:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-15 15:32 - 2013-11-15 15:32 - 00003046 _____ C:\windows\System32\Tasks\{755B076A-C28C-4BE3-A000-452A4D9791AA}
2013-11-15 14:44 - 2013-11-15 14:44 - 00002282 _____ C:\Users\Public\Desktop\Die Sims™ 3 Diesel Accessoires.lnk
2013-11-15 14:01 - 2013-11-15 14:01 - 00002292 _____ C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
2013-11-15 13:54 - 2013-11-15 13:54 - 00002256 _____ C:\Users\Public\Desktop\Die Sims™ 3 Luxus-Accessoires.lnk
2013-11-15 13:38 - 2013-11-15 13:38 - 00002346 _____ C:\Users\Public\Desktop\Die Sims™ 3 Design-Garten-Accessoires.lnk
2013-11-15 13:27 - 2013-11-15 13:27 - 00002318 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumsuite-Accessoires.lnk
2013-11-15 13:14 - 2013-11-15 13:14 - 00002274 _____ C:\Users\Public\Desktop\Die Sims™ 3 Stadt-Accessoires.lnk
2013-11-15 13:05 - 2013-11-15 13:05 - 00002246 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-11-15 12:46 - 2013-11-15 12:46 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
2013-11-15 12:29 - 2013-11-15 12:29 - 00002264 _____ C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
2013-11-14 22:10 - 2013-11-14 22:10 - 00002192 _____ C:\Users\Public\Desktop\Die Sims™ 3 Showtime.lnk
2013-11-14 21:25 - 2013-11-14 21:25 - 00002210 _____ C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
2013-11-14 21:00 - 2013-11-14 21:00 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
2013-11-14 20:29 - 2013-11-14 20:29 - 00002086 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-11-13 20:06 - 2013-11-13 20:06 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-13 20:05 - 2013-11-13 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 
00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-13 20:04 - 2013-11-13 20:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-13 20:00 - 2013-11-13 20:00 - 00075181 _____ C:\Users\Anja\Desktop\JRT.txt 2013-11-13 19:45 - 2013-11-13 19:45 - 00000000 ____D C:\windows\ERUNT 2013-11-13 19:43 - 2013-11-13 19:43 - 01034531 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe 2013-11-13 19:21 - 2013-11-13 19:16 - 00000000 ____D C:\AdwCleaner 2013-11-13 19:21 - 2011-06-30 19:28 - 00000000 ____D C:\ProgramData\ICQ 2013-11-13 19:16 - 2013-11-13 19:15 - 01085542 _____ C:\Users\Anja\Desktop\adwcleaner.exe 2013-11-13 19:12 - 2013-11-13 19:11 - 00001069 _____ C:\Users\Anja\Desktop\SRWare Iron.lnk 2013-11-13 19:11 - 2013-11-13 19:11 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2013-11-13 18:56 - 2013-11-13 18:56 - 00000000 ____D C:\_OTL 2013-11-13 18:51 - 2013-11-13 18:51 - 00001004 _____ C:\Users\Public\Desktop\SRWare Iron.lnk 2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Users\Anja\AppData\Local\Chromium 2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Program Files (x86)\SRWare Iron 2013-11-13 18:50 - 2013-11-13 18:50 - 30706620 _____ (SRWare ) C:\Users\Anja\Downloads\srware_iron.exe 2013-11-13 18:47 - 2013-11-13 18:47 - 00000966 _____ C:\Users\Anja\Desktop\Continue Zip Extractor Installation.lnk 2013-11-13 18:32 - 2013-11-13 18:32 - 00000000 ____D C:\Users\Anja\AppData\Roaming\TP 2013-11-13 18:24 - 2013-11-11 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-13 12:59 - 2013-11-13 12:59 - 00100712 _____ C:\Users\Anja\Desktop\Extras.Txt 2013-11-13 12:56 - 2013-11-13 12:56 - 00194440 _____ C:\Users\Anja\Desktop\OTL.Txt 2013-11-13 11:58 - 2013-06-05 22:53 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForAnja.job 2013-11-11 18:32 - 2013-06-05 22:53 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForAnja 2013-11-11 
18:27 - 2013-11-11 18:27 - 00602112 _____ (OldTimer Tools) C:\Users\Anja\Desktop\OTL.exe 2013-11-11 16:32 - 2013-11-11 16:32 - 00001362 _____ C:\Users\Anja\Desktop\quarantaene.txt 2013-11-11 16:19 - 2010-09-09 01:21 - 00666762 _____ C:\windows\system32\perfh007.dat 2013-11-11 16:19 - 2010-09-09 01:21 - 00135658 _____ C:\windows\system32\perfc007.dat 2013-11-11 16:19 - 2009-07-14 06:13 - 01527550 _____ C:\windows\system32\PerfStringBackup.INI 2013-10-29 22:15 - 2013-10-29 22:15 - 00001202 _____ C:\Users\Anja\Desktop\Gmer.txt 2013-10-29 21:40 - 2013-10-29 21:39 - 00377856 _____ C:\Users\Anja\Downloads\gmer_2.1.19163.exe 2013-10-29 21:28 - 2013-10-29 22:21 - 00032697 _____ C:\Users\Anja\Desktop\FRST_29-10-2013_21-28-06.txt 2013-10-29 21:28 - 2013-10-29 22:21 - 00029935 _____ C:\Users\Anja\Desktop\Addition.txt 2013-10-29 21:28 - 2013-10-29 21:25 - 00030958 _____ C:\Users\Anja\Downloads\Addition.txt 2013-10-29 21:17 - 2013-10-29 21:17 - 00000000 ____D C:\FRST 2013-10-29 21:12 - 2013-10-29 21:12 - 00000540 _____ C:\Users\Anja\Downloads\defogger_disable.log 2013-10-29 21:12 - 2013-10-29 21:12 - 00000168 ____C C:\Users\Anja\defogger_reenable 2013-10-29 21:12 - 2013-10-29 21:09 - 00050477 _____ C:\Users\Anja\Downloads\Defogger.exe 2013-10-29 21:12 - 2011-06-28 14:38 - 00000000 ___DC C:\Users\Anja 2013-10-29 20:39 - 2013-10-29 20:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-10-29 20:29 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-10-29 20:28 - 2013-10-29 20:28 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Avira 2013-10-29 20:21 - 2013-10-29 20:21 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\ProgramData\Avira 2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\Program Files (x86)\Avira 2013-10-29 20:16 - 2013-10-29 20:16 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-10-29 20:16 - 2013-10-29 20:16 - 00000000 ____D 
C:\Users\Anja\AppData\Roaming\SUPERAntiSpyware.com 2013-10-29 20:15 - 2013-10-29 20:15 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2013-10-29 20:09 - 2013-10-29 20:09 - 27866848 _____ (SUPERAntiSpyware) C:\Users\Anja\Downloads\SUPERAntiSpyware.exe 2013-10-29 20:09 - 2013-10-29 20:08 - 123853152 _____ C:\Users\Anja\Downloads\avira_free_antivirus_de.exe 2013-10-19 19:20 - 2013-10-19 17:26 - 00000000 ____D C:\Users\Anja\Desktop\19.10.2013 2013-10-19 10:56 - 2012-03-18 17:42 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-19 10:56 - 2012-03-18 17:42 - 00003850 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Anja\AppData\Local\Temp\avgnt.exe C:\Users\Anja\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-13 12:51 ==================== End Of Log ============================ --- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Anja at 2013-11-15 22:12:48
Running from C:\Users\Anja\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: McAfee® Total Protection™ Service (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee® Total Protection™ Service (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee® Total Protection™ Service (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.0.0)
Adobe Acrobat 5.0 (x32 Version: 5.0)
Adobe AIR (x32 Version: 2.7.0.19530)
Adobe Download Assistant (x32 Version: 1.0.2)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
AION Free-to-Play (x32)
Application Profiles (x32 Version: 2.0.4182.33919)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Avira Free Antivirus (x32 Version: 14.0.0.411)
Bing Bar Platform (x32 Version: 6.0.2237.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180)
CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180)
CCC Help Czech (x32 Version: 2010.0805.0357.5180)
CCC Help Danish (x32 Version: 2010.0805.0357.5180)
CCC Help Dutch (x32 Version: 2010.0805.0357.5180)
CCC Help English (x32 Version: 2010.0805.0357.5180)
CCC Help Finnish (x32 Version: 2010.0805.0357.5180)
CCC Help French (x32 Version: 2010.0805.0357.5180)
CCC Help German (x32 Version: 2010.0805.0357.5180)
CCC Help Greek (x32 Version: 2010.0805.0357.5180)
CCC Help Hungarian (x32 Version: 2010.0805.0357.5180)
CCC Help Italian (x32 Version: 2010.0805.0357.5180)
CCC Help Japanese (x32 Version: 2010.0805.0357.5180)
CCC Help Korean (x32 Version: 2010.0805.0357.5180)
CCC Help Norwegian (x32 Version: 2010.0805.0357.5180)
CCC Help Polish (x32 Version: 2010.0805.0357.5180)
CCC Help Portuguese (x32 Version: 2010.0805.0357.5180)
CCC Help Russian (x32 Version: 2010.0805.0357.5180)
CCC Help Spanish (x32 Version: 2010.0805.0357.5180)
CCC Help Swedish (x32 Version: 2010.0805.0357.5180)
CCC Help Thai (x32 Version: 2010.0805.0357.5180)
CCC Help Turkish (x32 Version: 2010.0805.0357.5180)
ccc-core-static (x32 Version: 2010.0805.358.5180)
ccc-utility64 (Version: 2010.0805.358.5180)
Corel Home Office - CS Templates (x32 Version: 5.6.5)
Corel Home Office - CT Templates (x32 Version: 5.6.5)
Corel Home Office - IPM (x32 Version: 5.6.5)
Corel Home Office - JP Templates (x32 Version: 5.6.5)
Corel Home Office - KR Templates (x32 Version: 5.6.5)
Corel Home Office - Launcher (x32 Version: 5.6.5)
Corel Home Office - Templates RU (x32 Version: 5.6.5)
Corel Home Office - Templates1 (x32 Version: 5.6.5)
Corel Home Office (x32 Version: 5.0.87.621)
Corel Home Office (x32 Version: 5.6.5)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
Die Sims - Hokus Pokus (x32)
Die Sims 2 (x32)
Die Sims 2: Family Fun - Accessoires (x32)
Die Sims 2: Nightlife (x32)
Die Sims 2: Open For Business (x32)
Die Sims 2: Wilde Campus-Jahre (x32)
Die Sims™ 2 Apartment-Leben (x32)
Die Sims™ 2 Freizeit-Spaß (x32)
Die Sims™ 2 Gute Reise (x32)
Die Sims™ 2 H&M®-Fashion-Accessoires (x32)
Die Sims™ 2 Haustiere (x32)
Die Sims™ 2 IKEA® Home-Accessoires (x32)
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (x32)
Die Sims™ 2 Party-Accessoires (x32)
Die Sims™ 2 Teen Style-Accessoires (x32)
Die Sims™ 2: Glamour-Accessoires (x32)
Die Sims™ 3 (x32 Version: 1.42.130)
Die Sims™ 3 Design-Garten-Accessoires (x32 Version: 7.0.55)
Die Sims™ 3 Diesel Accessoires (x32 Version: 14.0.48)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96)
Die Sims™ 3 Gib Gas-Accessoires (x32 Version: 5.0.44)
Die Sims™ 3 Jahreszeiten (x32 Version: 16.0.136)
Die Sims™ 3 Late Night (x32 Version: 6.0.81)
Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152)
Die Sims™ 3 Luxus-Accessoires (x32 Version: 3.0.38)
Die Sims™ 3 Reiseabenteuer (x32 Version: 2.0.86)
Die Sims™ 3 Showtime (x32 Version: 12.0.273)
Die Sims™ 3 Stadt-Accessoires (x32 Version: 9.0.73)
Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87)
Die Sims™ 3 Traumsuite-Accessoires (x32 Version: 11.0.84)
Die Sims™ Inselgeschichten (x32)
Die Sims™ Lebensgeschichten (x32)
Energy Star Digital Logo (x32 Version: 1.0.1)
Formelrechner (x32 Version: 1.00.0000)
FreeStyle Auto-Assist (x32)
Gameforge Live 1.9.0 "Legend" (x32 Version: 1.9.0)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)
HP Documentation (x32 Version: 1.5.1.0)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.8.1)
HP HotKey Support (Version: 4.0.3.1)
HP Setup (x32 Version: 8.2.4130.3367)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0)
HP Software Framework (x32 Version: 4.0.51.1)
HP Software Setup (x32 Version: 7.0.1.6)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (x32 Version: 1.0.25.0)
HP Webcam Driver (x32 Version: 6.1.7600.0049)
HP Wireless Assistant (Version: 4.0.6.0)
IDT Audio (x32 Version: 1.0.6300.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
LightScribe System Software (x32 Version: 1.18.22.2)
LSI HDA Modem (Version: 2.2.98)
MagniPic (Version: 1.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Browser Protection Service (x32 Version: 5.1.0.325)
McAfee Firewall Protection Service (x32 Version: 5.1.0.325)
McAfee Virus and Spyware Protection Service (x32 Version: 5.1.0.325)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Norton Online Backup (x32 Version: 2.0.0.34)
NVIDIA PhysX (x32 Version: 9.09.0209)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 9.0.14.2148)
PDF Complete Special Edition (x32 Version: 3.5.117)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011)
Roxio Activation Module (x32 Version: 1.0)
Roxio Creator Audio (x32 Version: 3.8.0)
Roxio Creator Business (x32 Version: 10.3.56.21)
Roxio Creator Business v10 (x32 Version: 3.8.0)
Roxio Creator Copy (x32 Version: 3.8.0)
Roxio Creator Data (x32 Version: 3.8.0)
Roxio Creator Tools (x32 Version: 3.8.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Sacred 2 (x32 Version: 2.64.0.0)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Task Manager 1.8d (x32 Version: 1.8d)
Skype™ 5.10 (x32 Version: 5.10.116)
SRWare Iron Version SRWare Iron 30.0.1650.0 (x32 Version: SRWare Iron 30.0.1650.0)
Stronghold Kingdoms (x32 Version: 1.17)
SUPERAntiSpyware (Version: 5.6.1040)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
The Sims™ 2 Seasons (x32)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2)
TV Star (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visual C++ 8.0 x64 Runtime Setup Package (x32 Version: 1.0.0.0)
Visual C++ 8.0 x86 Runtime Setup Package (x32 Version: 1.0.0.0)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Vodafone Mobile Connect Lite (x32 Version: 3.1.2.104)
Windows 7 Default Setting (x32 Version: 1.0.1.7)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinFunktion Mathematik plus 18 (x32 Version: 18.00.0000)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Zip Uncompressor (HKCU)

==================== Restore Points =========================

16-10-2013 13:16:31 Windows-Sicherung
29-10-2013 18:39:32 Windows-Sicherung
11-11-2013 15:18:18 Windows-Sicherung
13-11-2013 11:30:20 OTL Restore Point - 11/13/2013 12:30:11 PM
13-11-2013 17:31:50 Microsoft Office 2010 wird entfernt
14-11-2013 18:32:02 Entfernt TheSims3EP5
14-11-2013 18:34:25 Entfernt The Sims 3 Ambitions
14-11-2013 18:36:50 Entfernt The Sims 3 World Adventures
14-11-2013 18:39:44 Entfernt TheSims3EP4
14-11-2013 18:42:27 Entfernt The Sims 3 Outdoor Living Stuff
14-11-2013 18:44:14 Entfernt The Sims 3
14-11-2013 19:05:40 Installiert The Sims 3
14-11-2013 19:40:22 Installiert The Sims 3
14-11-2013 19:43:30 Installiert The Sims 3 World Adventures
14-11-2013 20:09:25 Installiert The Sims 3
14-11-2013 20:13:47 Installiert The Sims 3 Late Night
14-11-2013 20:48:38 Installiert The Sims 3
14-11-2013 21:00:58 Installiert TheSims3EP6
15-11-2013 11:18:41 Installiert TheSims3EP5
15-11-2013 11:42:01 Installiert TheSims3EP4
15-11-2013 11:53:54 Installiert The Sims 3 Ambitions
15-11-2013 12:13:01 Installiert The Sims 3 Town Life Stuff
15-11-2013 12:26:10 Installiert The Sims 3 Master Suite Stuff
15-11-2013 12:34:38 Installiert The Sims 3 Outdoor Living Stuff
15-11-2013 12:57:12 Installiert The Sims 3 Fast Lane Stuff
15-11-2013 13:31:23 Installiert The Sims 3
15-11-2013 13:41:17 Installiert TheSims3SP7
15-11-2013 14:14:12 Installiert The Sims 3
15-11-2013 14:36:30 Installiert TheSims3EP8

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00BBE578-02EA-4170-8082-C9E9A13407F7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {0C164CE7-2C9C-4517-8560-8C328C9BDD55} - System32\Tasks\{7C087477-233F-4856-848B-8238E3BC9D7B} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {17208F38-122B-483A-9D20-08B479C7AFC8} - System32\Tasks\{E478E215-2332-44D7-8214-B689062655D2} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {23813C25-50BA-4BD8-93D7-F8C4FFE76B87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {37E6F48E-6DCD-43D0-BD1F-657C44D53A20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-18] (Google Inc.)
Task: {46FD326B-210A-44E3-87DA-1F936B250194} - System32\Tasks\{6398D677-A4E7-4EC6-94AA-0D195C409D29} => C:\Program Files (x86)\Firefly Studios\Stronghold Kingdoms\StrongholdKingdoms.exe [2012-09-17] (Firefly Studios)
Task: {48DAEF78-7972-406E-83AF-FCC45AB3D7E9} - System32\Tasks\{82745B83-E239-4108-92E0-DC155CD2A401} => C:\Users\Anja\Downloads\The Sims 2 - Apartment Life\The Sims 2 - Apartment Life.part01\Crack\Sims2EP8.exe [2008-08-26] (Maxis, a division of Electronic Arts Inc.)
Task: {4D44BF8E-2C06-4482-BA84-1A0E9217FBAF} - System32\Tasks\{D41EF7B7-BEE5-473B-BB66-38D04C65F0D3} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {4F47ED4E-E934-443D-8C28-3CF0D74ACF39} - System32\Tasks\{97036323-4394-493E-B652-D8F59621E349} => C:\Program Files (x86)\Firefly Studios\Stronghold Kingdoms\StrongholdKingdoms.exe [2012-09-17] (Firefly Studios)
Task: {506FAD33-EBF3-406B-A9AF-2755E1DE46B8} - System32\Tasks\{7FB44E24-E216-4994-A15D-A0041D141767} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {56BE1CC2-FB75-46DF-B5B7-6BA147A37DE2} - System32\Tasks\{0220A7DA-D894-44FF-987C-3ED23B67B793} => C:\Program Files (x86)\Firefly Studios\Stronghold Kingdoms\StrongholdKingdoms.exe [2012-09-17] (Firefly Studios)
Task: {64BDE0EA-A22F-47C4-9F5F-5091B71B1926} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {6AD9A9F0-8B6C-48D7-9974-7AC57EA450F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6C972B18-2075-4C92-906A-CEBAD35DFE41} - System32\Tasks\{AC50EEF0-54CE-4FFC-8F89-5882D05390FF} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {7C8347CF-AA15-491C-852C-77F676F56161} - System32\Tasks\{465D559C-3427-4B19-B42A-C143A9CC84B9} => C:\Users\Anja\Downloads\The Sims 2 - Apartment Life\The Sims 2 - Apartment Life.part01\Crack\Sims2EP8.exe [2008-08-26] (Maxis, a division of Electronic Arts Inc.)
Task: {7E03F50F-6D2B-498A-8B0F-355D5E918793} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {88DEA2E5-BFF0-4888-83BC-EBE5AAB937F8} - System32\Tasks\{EF9407A3-1D1C-40B6-A64E-B8165A0069A5} => C:\Program Files (x86)\KaraFun\KaraFun.exe
Task: {8A10AFC1-682F-442D-8BCE-734ED2AC7CF9} - System32\Tasks\{F84D1C96-27B2-41E8-9D1B-88ABF4714C71} => C:\Program Files (x86)\KaraFun\KaraFun.exe
Task: {A3E2E909-F446-48CB-AB8B-BA1EC52BF399} - System32\Tasks\{B4903DAC-9DED-4C22-978C-BAB8456F4A4A} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {A76C0736-7593-4188-B1D3-35CB36F92FB5} - System32\Tasks\{34B7E4F2-F51F-45C4-AB64-06BD704EF80C} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {B60FE59D-DE03-4730-A3E6-5F18212FC04B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-18] (Google Inc.)
Task: {B9A7D412-0283-4DBF-B01B-895F7071F6C3} - System32\Tasks\HPCeeScheduleForAnja => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {C409806D-A69E-49E9-B1AE-D9CC81E947DA} - System32\Tasks\{B3C3C770-37FE-45D3-BE42-393B387041AD} => D:\Crack\Sims2EP8.exe
Task: {C4FF5174-558E-4153-B7DB-B78B45E46B31} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {CAE40733-A415-4E64-81F0-D7137D098399} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4120671964-2979887947-499652283-1001
Task: {CDFBFD16-BCC7-45E7-B0DA-1D5AA16956C4} - System32\Tasks\{CBEAD9E9-B382-4827-A589-FBE6766AAED1} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {DBF59D42-F33B-46E8-B63E-AC0616CC6AC2} - System32\Tasks\Google Updater and Installer => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {F4333FA2-4EC0-4B59-8FD7-437859DCBF84} - System32\Tasks\{2961CCA1-364D-41F0-8C54-F5D2A3008D8E} => D:\Crack\Sims2EP8.exe
Task: {F6A986D4-57FB-43C7-BF44-ED1D581CD389} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {F97F617B-2020-4B50-AB37-C587EFCD281C} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {FAEE5C7B-05F9-4B89-BACF-2E274558F81F} - System32\Tasks\{BA40C938-7BD6-41DF-97D3-A3867FA6564F} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {FB11F153-3B38-4FB0-B963-CEE73C1FD812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core.job => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA.job => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForAnja.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 20:20 - 2013-10-10 19:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-08-17 21:39 - 2013-01-04 09:28 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
2013-11-13 18:51 - 2013-10-05 21:22 - 00875008 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll
2013-11-13 18:51 - 2013-10-05 21:25 - 00102912 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll
2013-11-13 18:51 - 2013-10-05 20:12 - 00861696 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfewfpk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================= Application errors: ================== Error: (11/15/2013 09:44:10 PM) (Source: McLogEvent) (User: NT-AUTORITÄT) Description: MCSCAN32 Engine Initialisation failed. Engine returned error : 7 Error: (11/15/2013 07:04:43 PM) (Source: McLogEvent) (User: NT-AUTORITÄT) Description: MCSCAN32 Engine Initialisation failed. Engine returned error : 7 Error: (11/15/2013 03:48:15 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x67ba6c6a ID des fehlerhaften Prozesses: 0x1310 Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (11/15/2013 03:43:08 PM) (Source: Windows Installer 3.1) (User: ) Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar. Error: (11/15/2013 00:14:12 PM) (Source: McLogEvent) (User: NT-AUTORITÄT) Description: MCSCAN32 Engine Initialisation failed. Engine returned error : 7 Error: (11/14/2013 04:43:32 PM) (Source: McLogEvent) (User: NT-AUTORITÄT) Description: MCSCAN32 Engine Initialisation failed. Engine returned error : 7 Error: (11/13/2013 08:27:16 PM) (Source: McLogEvent) (User: NT-AUTORITÄT) Description: MCSCAN32 Engine Initialisation failed. Engine returned error : 7 System errors: ============= Error: (11/15/2013 07:11:53 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. 
Error: (11/15/2013 07:11:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Wireless Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/15/2013 07:11:29 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Wireless Assistant Service erreicht. Error: (11/15/2013 07:11:18 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error: (11/15/2013 07:10:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/15/2013 07:10:49 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht. Error: (11/15/2013 07:10:35 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error: (11/15/2013 07:10:10 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht. 
Error: (11/15/2013 00:15:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Software Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/15/2013 00:15:58 PM) (Source: DCOM) (User: ) Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E} Microsoft Office Sessions: ========================= Error: (11/15/2013 09:44:10 PM) (Source: McLogEvent)(User: NT-AUTORITÄT) Description: 7 Error: (11/15/2013 07:04:43 PM) (Source: McLogEvent)(User: NT-AUTORITÄT) Description: 7 Error: (11/15/2013 03:48:15 PM) (Source: Application Error)(User: ) Description: explorer.exe6.1.7601.175674d6727a7unknown0.0.0.000000000c000000567ba6c6a131001cee211b54df894C:\windows\SysWOW64\explorer.exeunknownf4965183-4e04-11e3-9dcf-e02a8249b4ae Error: (11/15/2013 03:43:08 PM) (Source: Windows Installer 3.1)(User: ) Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar. Error: (11/15/2013 00:14:12 PM) (Source: McLogEvent)(User: NT-AUTORITÄT) Description: 7 Error: (11/14/2013 04:43:32 PM) (Source: McLogEvent)(User: NT-AUTORITÄT) Description: 7 Error: (11/13/2013 08:27:16 PM) (Source: McLogEvent)(User: NT-AUTORITÄT) Description: 7 CodeIntegrity Errors: =================================== Date: 2013-10-10 22:34:16.085 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-10 22:34:16.085 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-10 22:34:15.405 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-10-10 22:34:15.245 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-10 22:34:15.235 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-10 22:34:15.205 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 12:55:02.816 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 12:55:02.800 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 12:55:02.800 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-10-06 12:55:02.722 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 62% Total physical RAM: 1788.56 MB Available physical RAM: 678.88 MB Total Pagefile: 3577.13 MB Available Pagefile: 1555.17 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:280.79 GB) (Free:41.39 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (The Sims 3 Super) (CDROM) (Total:2.26 GB) (Free:0 GB) CDFS Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0D16673C) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ==================== End Of Log ============================ Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 22:17 on 15/11/2013 by Anja Administrator - Elevation successful ========== filefind ========== Searching for "*Babylon*" C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Local\Babylon\Setup\Babylon.dat.vir --a---- 11198 bytes [13:16 22/01/2012] [21:27 08/08/2011] 0EA4B325AEDED4466C4CF6F8DAE88ECF Searching for "*clsoft ltd*" No files found. Searching for "*ICQToolbar*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll.vir --a---- 1054520 bytes [18:28 30/06/2011] [09:49 21/11/2010] 92C8692C478E2747E9EA0860F18E2E0A Searching for "*RightClick*" No files found. Searching for "*Media Finder*" No files found. Searching for "*ICQ6Toolbar*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\ICQ6Toolbar\icq6Toolbar.ico.vir --a---- 28662 bytes [18:28 30/06/2011] [09:44 21/11/2010] 085B2028F97E47C0367AB0187775F806 Searching for "*MagniPic*" No files found. Searching for "*yourfiledownloader*" No files found. Searching for "*Ilivid*" C:\Users\Anja\Downloads\iLividSetupV1 (1).exe --a---- 823576 bytes [15:46 02/08/2012] [15:47 02/08/2012] (Unable to calculate MD5) C:\Users\Anja\Downloads\iLividSetupV1.exe --a---- 2075104 bytes [15:16 23/08/2011] [15:17 23/08/2011] D454EF00B25ABDF86C7CC4EE22EFCED3 Searching for "*OpenCandy*" No files found. 
Searching for "*facemoods*" C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_21823\facemoods.crx --a---- 32791 bytes [18:20 10/10/2011] [14:26 18/05/2011] 9E7C9CAB9B453DCAFE62A3A114E6293C C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_21823\CRX_INSTALL\style\facemoods_chrome_1.0.1.css --a---- 1915 bytes [18:20 10/10/2011] [18:20 10/10/2011] 932E88939025DEA549719B7FFB869668 Searching for "*privitize*" C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com\content\privitize.css.vir --a---- 2327 bytes [10:09 02/04/2013] [10:09 02/04/2013] 6797822166784AA73A75491AC52F42BE C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com\content\privitize.xul.vir --a---- 1170 bytes [10:09 02/04/2013] [10:09 02/04/2013] F6944A563D9ED1704BF071A716A49A26 C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\searchplugins\privitize.xml --a---- 1378 bytes [23:10 22/03/2013] [10:09 02/04/2013] 03FEBC85CF49CB91E6A99FE0351509C0 Searching for "*Searchqu*" C:\ProgramData\SecTaskMan\_searchqudtx5D2D0 --a---- 269 bytes [10:54 20/05/2013] [10:54 20/05/2013] 9A8EA10B05BAA10F00634A546E5DFBA8 C:\Users\All Users\SecTaskMan\_searchqudtx5D2D0 --a---- 269 bytes [10:54 20/05/2013] [10:54 20/05/2013] 9A8EA10B05BAA10F00634A546E5DFBA8 Searching for "*Softonic*" No files found. Searching for "*DataMngr*" C:\Users\Anja\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [18:45 13/11/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C ========== folderfind ========== Searching for "*Babylon*" C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Local\Babylon d------ [18:21 13/11/2013] C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Babylon d------ [18:21 13/11/2013] Searching for "*clsoft ltd*" No folders found. 
Searching for "*ICQToolbar*" C:\AdwCleaner\Quarantine\C\ProgramData\ICQ\ICQToolbar d------ [18:21 13/11/2013] Searching for "*RightClick*" No folders found. Searching for "*Media Finder*" C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Media Finder d------ [18:21 13/11/2013] Searching for "*ICQ6Toolbar*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\ICQ6Toolbar d------ [18:21 13/11/2013] Searching for "*MagniPic*" C:\AdwCleaner\Quarantine\C\Program Files (x86)\MagniPic d------ [18:21 13/11/2013] Searching for "*yourfiledownloader*" No folders found. Searching for "*Ilivid*" C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Local\Ilivid Player d------ [18:21 13/11/2013] Searching for "*OpenCandy*" C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\OpenCandy d------ [18:21 13/11/2013] C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\OpenCandy\OpenCandy_B3096BD3CD704E0997FBC573FDE502C2 d------ [18:21 13/11/2013] Searching for "*facemoods*" No folders found. Searching for "*privitize*" C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com d------ [18:21 13/11/2013] Searching for "*Searchqu*" No folders found. Searching for "*Softonic*" No folders found. Searching for "*DataMngr*" C:\Users\Gast\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_datamngrUI.exe_c84a1dded5ec2afda304de5a7d366a8762716d_13223448 d----c- [19:58 14/08/2012] C:\Users\Gast\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_datamngrUI.exe_c84a1dded5ec2afda304de5a7d366a8762716d_cab_0c9f4b51 d----c- [13:13 27/12/2012] ========== regfind ========== Searching for "Babylon" [HKEY_USERS\Gast\Software\BabylonToolbar] [HKEY_USERS\Gast\Software\BabylonToolbar\BabylonToolbar] Searching for "clsoft ltd" No data found. 
Searching for "ICQToolbar" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar] [HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar] [HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar] [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar] Searching for "RightClick" No data found. Searching for "Media Finder" [HKEY_CURRENT_USER\Software\Classes\MF] @="URL:Media Finder" [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Classes\MF] @="URL:Media Finder" [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001_Classes\MF] @="URL:Media Finder" Searching for "ICQ6Toolbar" No data found. Searching for "MagniPic" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}] "DisplayName"="MagniPic" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}] "CategoryName"="MagniPic" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS] Searching for "yourfiledownloader" No data found. 
Searching for "Ilivid" [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid] [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1 (1).exe"="iLivid Install" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation " [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe] [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid] [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid] [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1 (1).exe"="iLivid Install" [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation " [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1 (1).exe"="iLivid Install" [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation " Searching for "OpenCandy" No data found. 
Searching for "facemoods" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com\facemoods] [HKEY_USERS\Gast\Software\facemoods.com] [HKEY_USERS\Gast\Software\facemoods.com\facemoods] [HKEY_USERS\Gast\Software\facemoods.com\facemoods\instl] "tlbrSrchUrl"="hxxp://start.facemoods.com/?a=gppc&f=3" [HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com] [HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com\facemoods] [HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-501\Software\facemoods.com] [HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-501\Software\facemoods.com\facemoods] [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com] [HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com\facemoods] Searching for "privitize" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{B13DEF35-A6D3-42ED-8C55-3CF74B4AF6D2}] "ProfileName"="PrivitizeVPN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{B13DEF35-A6D3-42ED-8C55-3CF74B4AF6D2}] "Description"="PrivitizeVPN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0000200000F0000F078A32B5D0A926EF115275565E88A12DB777C7A1BAD638952FE4579C0FEBD8E88] "Description"="PrivitizeVPN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0000200000F0000F078A32B5D0A926EF115275565E88A12DB777C7A1BAD638952FE4579C0FEBD8E88] "FirstNetwork"="PrivitizeVPN" Searching for "Searchqu" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] @="ISearchQueryHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] @="ISearchQueryHelper" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] @="ISearchQueryHelper" [HKEY_USERS\Gast\Software\DataMngr] "DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll" [HKEY_USERS\Gast\Software\DataMngr] "Folder"="C:\Program Files (x86)\Searchqu Toolbar" [HKEY_USERS\Gast\Software\DataMngr] "Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr" [HKEY_USERS\Gast\Software\DataMngr] "UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe" [HKEY_USERS\Gast\Software\DataMngr\IEBHO] "DNSUrl"="hxxp://www.searchqu.com/web?src=derr&appid=341&systemid=406&q=" [HKEY_USERS\Gast\Software\DataMngr\IEBHO] "404Url"="hxxp://www.searchqu.com/web?src=404&appid=341&systemid=406&q=" Searching for "Softonic" No data found. 
Searching for "DataMngr" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCD83A6F-89FA-431C-8262-C01CA90E0DB0}] "AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar" [HKEY_USERS\Gast\Software\DataMngr] [HKEY_USERS\Gast\Software\DataMngr] "DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll" [HKEY_USERS\Gast\Software\DataMngr] "Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr" [HKEY_USERS\Gast\Software\DataMngr] "ShortDllPath"="C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll" [HKEY_USERS\Gast\Software\DataMngr] "ShortDllPath64"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll" [HKEY_USERS\Gast\Software\DataMngr] "UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe" Searching for " " [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{45057FCE-5784-48BE-8176-D9D00AF56C3C}] "RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1"> <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/> <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"> <Descriptor descriptorID="{9C8680ED-C0A6-4700-ACDF-B24C979511E0}"/> <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/> </Rating> <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"> <Descriptor descriptorID="{9C8680ED-C0A6-4700-ACDF-B24C979511E0}"/> <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/> </Rating> <Rating ratingSystemID="{768BD93D-63BE-46A9-89 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ODYS_MP&PROD_X38_SD&REV_1.00#USBV1.00&1#] "DeviceDesc"="X38 SD "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ODYS_MP&PROD_X38_SD&REV_1.00#USBV1709&1#] "DeviceDesc"="X38 SD "
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation "
-= EOF =-
Report from Avira: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Freitag, 15. November 2013 22:36 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : ANJA-HP Versionsinformationen: BUILD.DAT : 14.0.0.411 55393 Bytes 10.10.2013 19:14:00 AVSCAN.EXE : 14.0.0.383 968776 Bytes 10.10.2013 18:14:05 AVSCANRC.DLL : 14.0.0.225 62024 Bytes 10.10.2013 18:14:05 LUKE.DLL : 14.0.0.383 65096 Bytes 10.10.2013 18:14:07 AVSCPLR.DLL : 14.0.0.383 92232 Bytes 10.10.2013 18:14:05 AVREG.DLL : 14.0.0.383 250440 Bytes 10.10.2013 18:14:05 avlode.dll : 14.0.0.383 512584 Bytes 10.10.2013 18:14:05 avlode.rdf : 13.0.1.48 27867 Bytes 13.11.2013 17:14:24 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 18:14:08 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 18:14:08 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 18:14:08 VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 18:14:08 VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 18:14:08 VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 18:14:08 VBASE006.VDF : 7.11.103.230 2293248 Bytes 24.09.2013 18:14:08 VBASE007.VDF : 7.11.111.18 3598336 Bytes 06.11.2013 15:08:26 VBASE008.VDF : 7.11.111.19 2048 Bytes 06.11.2013 15:08:27 VBASE009.VDF : 7.11.111.20 2048 Bytes 06.11.2013 15:08:27 VBASE010.VDF : 7.11.111.21 2048 Bytes 06.11.2013 15:08:27 VBASE011.VDF : 7.11.111.22 2048 Bytes 06.11.2013 15:08:27 VBASE012.VDF : 7.11.111.23 2048 Bytes 06.11.2013 15:08:27 VBASE013.VDF : 7.11.111.150 168448 Bytes 07.11.2013 15:08:27 VBASE014.VDF : 7.11.112.47 247808 Bytes 08.11.2013 15:08:27 VBASE015.VDF : 7.11.112.139 323584 Bytes 11.11.2013 15:08:27 VBASE016.VDF : 7.11.113.39 221696 Bytes 13.11.2013 17:14:22 VBASE017.VDF : 7.11.113.40 2048 Bytes 13.11.2013 17:14:22 VBASE018.VDF : 7.11.113.41 2048 
Bytes 13.11.2013 17:14:22 VBASE019.VDF : 7.11.113.42 2048 Bytes 13.11.2013 17:14:22 VBASE020.VDF : 7.11.113.43 2048 Bytes 13.11.2013 17:14:22 VBASE021.VDF : 7.11.113.44 2048 Bytes 13.11.2013 17:14:22 VBASE022.VDF : 7.11.113.45 2048 Bytes 13.11.2013 17:14:22 VBASE023.VDF : 7.11.113.46 2048 Bytes 13.11.2013 17:14:22 VBASE024.VDF : 7.11.113.47 2048 Bytes 13.11.2013 17:14:22 VBASE025.VDF : 7.11.113.48 2048 Bytes 13.11.2013 17:14:22 VBASE026.VDF : 7.11.113.49 2048 Bytes 13.11.2013 17:14:22 VBASE027.VDF : 7.11.113.50 2048 Bytes 13.11.2013 17:14:22 VBASE028.VDF : 7.11.113.51 2048 Bytes 13.11.2013 17:14:22 VBASE029.VDF : 7.11.113.52 2048 Bytes 13.11.2013 17:14:23 VBASE030.VDF : 7.11.113.53 2048 Bytes 13.11.2013 17:14:23 VBASE031.VDF : 7.11.113.82 138752 Bytes 13.11.2013 17:14:23 Engineversion : 8.2.12.142 AEVDF.DLL : 8.1.3.4 102774 Bytes 10.10.2013 18:14:02 AESCRIPT.DLL : 8.1.4.166 516478 Bytes 13.11.2013 17:14:24 AESCN.DLL : 8.1.10.4 131446 Bytes 10.10.2013 18:14:02 AESBX.DLL : 8.2.16.26 1245560 Bytes 10.10.2013 18:14:02 AERDL.DLL : 8.2.0.128 688504 Bytes 10.10.2013 18:14:02 AEPACK.DLL : 8.3.3.4 758136 Bytes 29.10.2013 19:23:53 AEOFFICE.DLL : 8.1.2.76 205181 Bytes 10.10.2013 18:14:02 AEHEUR.DLL : 8.1.4.744 6283642 Bytes 11.11.2013 15:08:30 AEHELP.DLL : 8.1.27.8 266617 Bytes 11.11.2013 15:08:28 AEGEN.DLL : 8.1.7.20 446839 Bytes 13.11.2013 17:14:24 AEEXP.DLL : 8.4.1.100 369016 Bytes 11.11.2013 15:08:30 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.10.2013 18:14:02 AECORE.DLL : 8.1.32.2 201081 Bytes 11.11.2013 15:08:28 AEBB.DLL : 8.1.1.4 53619 Bytes 10.10.2013 18:14:02 AVWINLL.DLL : 14.0.0.225 23624 Bytes 10.10.2013 18:14:05 AVPREF.DLL : 14.0.0.225 48712 Bytes 10.10.2013 18:14:05 AVREP.DLL : 14.0.0.225 175688 Bytes 10.10.2013 18:14:05 AVARKT.DLL : 14.0.0.225 257096 Bytes 10.10.2013 18:14:03 AVEVTLOG.DLL : 14.0.0.383 165960 Bytes 10.10.2013 18:14:03 SQLITE3.DLL : 3.7.0.1 394824 Bytes 10.10.2013 18:14:07 AVSMTP.DLL : 14.0.0.225 60488 Bytes 10.10.2013 18:14:05 NETNT.DLL : 14.0.0.225 
13384 Bytes 10.10.2013 18:14:07 RCIMAGE.DLL : 14.0.0.225 4786760 Bytes 10.10.2013 18:14:07 RCTEXT.DLL : 14.0.0.225 67144 Bytes 10.10.2013 18:14:07 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_528687de\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: Reparieren Sekundäre Aktion......................: Quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: Vollständig Beginn des Suchlaufs: Freitag, 15. 
November 2013 22:36 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '167' Modul(e) wurden durchsucht Durchsuche Prozess 'STacSV64.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'atibtmon.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '184' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'SASCORE64.EXE' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'AESTSr64.exe' - '8' Modul(e) wurden durchsucht Durchsuche Prozess 'agr64svc.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'btwdins.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'HPDrvMntSvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'hpHotkeyMonitor.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'mfevtps.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 
'myAgtSvc.Exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'PsiService_2.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'mcshield.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqWmiEx.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'HPWA_Service.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'iron.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'iron.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'iron.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'SystemLook_x64.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - 
'18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '34' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Anja\Downloads\iLividSetupV1 (1).exe' C:\Users\Anja\Downloads\iLividSetupV1 (1).exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '549507f0.qua' verschoben! Ende des Suchlaufs: Freitag, 15. November 2013 22:38 Benötigte Zeit: 01:51 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 776 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 775 Dateien ohne Befall 1 Archive wurden durchsucht 0 Warnungen 1 Hinweise |
16.11.2013, 10:47 | #9 | |
/// TB-Ausbilder | Avira found trojan tr/mediyes.gen Hello, we are removing the last remnants and checking everything once more. ESET can take a long time (> 2 h). In addition, you will have to say goodbye to two AV programs. After that we will clean up, and I will give you a few more tips to take with you. Step 1 I noticed that you have more than one anti-virus program with a background guard running: Code:
Kaspersky
Avira
McAfee
Report which anti-virus program you have decided on. Quote:
Step 2 Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
start
AppInit_DLLs: [0 ] ()
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
C:\Users\Anja\Desktop\Continue Zip Extractor Installation.lnk
C:\Users\Anja\Downloads\iLivid*.exe
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\searchplugins\privitize.xml
C:\ProgramData\SecTaskMan\_searchqudtx5D2D0
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\MF" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com" /f
Reg: reg delete "HKEY_USERS\Gast\Software\DataMngr" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCD83A6F-89FA-431C-8262-C01CA90E0DB0}" /f
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4 ESET Online Scanner
Step 5 Please download SecurityCheck and:
Please post with your next reply
|
22.11.2013, 15:25 | #10 |
/// TB-Ausbilder | Avira found trojan tr/mediyes.gen Missing feedback. This topic has been removed from my subscriptions, so I will not receive notifications about new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread! |