Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ZeuS/ZBot Telekom Warnung OTL Log files

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.04.2013, 13:58   #1
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Hallo,

ich habe, wie anscheinend einige in den letzten Tagen, eine E-Mail der dt. Telekom bekommen, dass es Hinweise darauf gibt, dass unter unserem Anschluss ein ZeuS/Zbot agiert.

Im Netzwerk befinden sich 3 Rechner (Vater, Schwester, Ich).

Einer der Rechner soll infiziert sein, die Frage ist welcher.

Wäre jemand so nett einen kurzen Blick auf meine OTL Logs zu werfen?

Schutzsoftware ist AVG (Freewareversion)

Ich bin mir nicht sicher, woran ich eine eventuelle Infizierung erkenne... (Es handelt sich nur um die Logs von meinem Rechner)

OTL.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.04.2013 13:30:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Xychor\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,69% Memory free
8,00 Gb Paging File | 5,91 Gb Available in Paging File | 73,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,15 Gb Total Space | 5,01 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 25,23 Gb Free Space | 12,92% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 10,19 Gb Free Space | 9,91% Space Free | Partition Type: NTFS
 
Computer Name: PC-JAN | User Name: Xychor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.11 13:28:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xychor\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Xychor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.02 13:41:24 | 000,878,928 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.12.11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.17 23:04:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
PRC - [2011.10.26 20:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.02 13:41:50 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013.02.02 13:41:50 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013.02.02 13:41:50 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013.02.02 13:41:50 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013.02.02 13:41:50 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013.02.02 13:41:50 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013.02.02 13:41:50 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013.02.02 13:41:50 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013.02.02 13:41:49 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2013.02.02 13:41:49 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013.02.02 13:41:49 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013.02.02 13:41:49 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013.01.02 23:55:51 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.01.02 20:33:30 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.19 19:37:57 | 005,250,048 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.30 20:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 F2 F9 92 84 99 CD 01 [binary data]
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.17 23:04:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.01.08 22:36:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.01.08 22:36:41 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214052748-636940894-3971663584-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Xychor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
F3:64bit: - HKU\S-1-5-21-1214052748-636940894-3971663584-1001 WinNT: Load - (C:\Users\Xychor\LOCALS~1\Temp\msuyot.exe) - File not found
F3 - HKU\S-1-5-21-1214052748-636940894-3971663584-1001 WinNT: Load - (C:\Users\Xychor\LOCALS~1\Temp\msuyot.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FB98FC0-7832-403E-AF70-1E6DB50C23A6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1214052748-636940894-3971663584-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1214052748-636940894-3971663584-1001\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.11 13:28:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Xychor\Desktop\OTL.exe
[2013.04.11 12:49:17 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{ED76A74B-7EB0-463D-80A0-CCD8CB1B24C4}
[2013.04.11 03:01:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 03:01:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 03:01:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.11 03:01:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.11 03:01:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.11 03:01:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.11 03:01:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.11 03:01:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.11 03:01:39 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.11 03:01:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.11 03:01:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.11 03:01:38 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 03:01:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 03:01:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 03:01:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 00:40:50 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{1EB70703-720F-4DD6-81F1-A02B6FBA222F}
[2013.04.11 00:39:05 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{12E22BCE-4D02-4AD9-BEE2-B9F0419BA9F2}
[2013.04.10 12:15:05 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 12:15:05 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 12:15:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 12:15:04 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 12:15:04 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 12:15:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 12:14:57 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 12:14:56 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 12:14:55 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 12:14:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 12:14:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 12:14:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{55998C91-426F-4A89-A108-AFC4389D5F46}
[2013.04.10 01:53:20 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{DACCD880-1588-45FA-AA14-559DF9F6289C}
[2013.04.09 13:39:44 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{85916747-FD26-4AF5-96B0-21D8C8F468A3}
[2013.04.09 00:27:42 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{62707DFC-22B0-4BFE-87B3-B9A265A91DEA}
[2013.04.08 11:12:43 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{FA7E4208-46FF-458D-9C6E-79F1F16C8F1A}
[2013.04.07 13:31:13 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{4EC91941-F0E4-4F3C-A5AE-9FE152C310B2}
[2013.04.06 17:56:55 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{E15C5258-356D-40D2-B06F-B3104DCC5CB2}
[2013.04.06 03:45:55 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{65D55836-A0DB-46A5-A240-E6113CABA914}
[2013.04.05 07:23:37 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{638C7B8B-F833-4A63-B7EC-30F2C556205B}
[2013.04.05 07:21:55 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{CA369210-391A-47C4-91D4-723022B89372}
[2013.04.04 17:37:25 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{D7EB438E-1CBB-471F-BEB6-1A2928E49D18}
[2013.04.04 05:06:17 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{81DD6869-830D-4E0D-B5AA-C429ED537228}
[2013.04.03 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{FAC8AF76-86E4-4AB7-8893-AAE87662DAFA}
[2013.04.03 03:34:11 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{FCC6F4BA-5B05-4A69-92CC-345B05887EE5}
[2013.04.02 03:03:53 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{842CDB28-93F1-4CAF-960D-76A222D54D3C}
[2013.04.01 13:06:43 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{D74EE0A1-CF2D-4B66-8E17-1623522B4C2F}
[2013.03.31 23:20:05 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{E77E32F0-84CC-4A80-83F7-8A2C7594041F}
[2013.03.30 13:08:31 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{D8325BCE-213C-423D-9E11-2E420BC6CAF2}
[2013.03.29 17:56:30 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{317343F1-2F10-4DD5-8E72-4F9F7CDCF024}
[2013.03.29 03:06:17 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{3F59454D-5FCD-47E6-BF40-FF0060994CDF}
[2013.03.28 13:43:28 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{FC26BAFC-6119-483E-81A0-C3092D2D65EF}
[2013.03.27 20:36:40 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{8D8DA816-DC1C-4ABC-9B22-8CFA80BE5473}
[2013.03.27 07:17:58 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{4270427C-9682-4306-878A-82B234994359}
[2013.03.27 01:23:15 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{B21E4800-ED45-4421-9D57-0BE9475D6FDD}
[2013.03.26 12:29:03 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{DBB3A81A-0A2A-4B9A-8EE8-F1017238BDCA}
[2013.03.26 00:06:33 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{30CC38B5-58BC-478F-AC87-131A2D17DD9B}
[2013.03.25 09:58:23 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{031FF947-9676-4C6F-A16A-3874A41287BF}
[2013.03.24 17:46:41 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{6BAA8D6B-24E7-455A-ADB2-33EC4DCDE747}
[2013.03.24 05:24:31 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{1870C5E5-63E9-4ABD-9CCE-35B5684DFBD7}
[2013.03.23 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{A25FF71E-DA38-4585-9F15-19670F3C6AAE}
[2013.03.23 03:27:17 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{D0733EC3-2DCD-4496-8C5B-25C0B35A339B}
[2013.03.22 15:12:43 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{7B7A6789-5DD3-4D99-A792-DEB13C85CC95}
[2013.03.22 04:02:24 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.22 04:02:24 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.22 04:02:24 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.22 04:02:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.22 04:02:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.22 04:02:24 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.22 04:02:24 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.22 04:02:24 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.22 04:02:23 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.22 04:02:23 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.22 04:02:23 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.22 04:02:23 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.22 04:02:23 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.22 04:02:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.22 04:02:23 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.22 04:02:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.22 04:02:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.22 04:02:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.22 04:02:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.22 04:02:23 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.22 04:02:22 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.22 04:02:22 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.22 04:02:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.22 04:02:22 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.22 04:02:22 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.22 04:02:22 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.22 04:02:22 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.22 04:02:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.22 04:02:22 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.22 04:02:22 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.22 04:02:22 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.22 04:02:22 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.22 04:02:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.22 04:02:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.22 04:02:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.22 04:02:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.22 04:02:21 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.22 04:02:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.22 04:02:21 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.22 04:02:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.22 04:02:21 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.22 04:02:21 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.22 04:02:21 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.22 04:02:21 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.22 04:02:21 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.22 04:02:21 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.22 04:02:21 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.22 04:02:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.22 04:02:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.22 04:02:21 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.22 04:02:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.22 04:02:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.22 04:02:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.21 18:36:26 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{56F62617-9747-4F05-9D6F-25B142E872B1}
[2013.03.21 04:23:02 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{D1E2EE53-6D0B-4EA7-A030-75B576852EE7}
[2013.03.21 00:49:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.20 15:28:02 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{4FC3B414-B97B-4993-A283-F0AA87E2B532}
[2013.03.19 16:25:25 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{1B640989-E499-4B6F-A7A7-2E947D1774EE}
[2013.03.19 02:05:47 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{F60A3625-38C7-4DF3-B2F3-536263D97D47}
[2013.03.18 13:50:09 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{B1DD525B-BFD2-4376-BB52-B78C73696794}
[2013.03.17 14:06:03 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{C41A9D36-3A0B-49E8-AF9D-AFC87F778F31}
[2013.03.16 19:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.16 19:02:49 | 000,000,000 | ---D | C] -- C:\Users\Xychor\AppData\Local\{6857F17F-524E-4F72-AA0C-167D90479ED2}
[2012.10.23 19:00:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 13:28:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Xychor\Desktop\OTL.exe
[2013.04.11 12:40:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 12:40:38 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 12:38:10 | 001,527,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 12:38:10 | 000,664,674 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 12:38:10 | 000,624,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 12:38:10 | 000,134,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 12:38:10 | 000,110,494 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 12:33:36 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.11 12:33:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 12:32:53 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 00:47:46 | 000,005,289 | ---- | M] () -- C:\Users\Xychor\.recently-used.xbel
[2013.04.09 21:46:57 | 001,852,928 | ---- | M] () -- C:\Users\Xychor\Desktop\jobst-audio_bausatz_preisliste_2013_mrz0.pdf
[2013.04.08 18:14:11 | 000,082,620 | ---- | M] () -- C:\Users\Xychor\Desktop\erpx6utuxb.jpg
[2013.04.08 18:07:11 | 000,030,004 | ---- | M] () -- C:\Users\Xychor\Desktop\1_184788.jpg
[2013.04.08 11:11:30 | 000,135,431 | ---- | M] () -- C:\Users\Xychor\Desktop\544925_498860223502567_749226110_n.jpg
[2013.04.05 08:26:09 | 000,039,122 | ---- | M] () -- C:\Users\Xychor\Desktop\flunkyballfb.jpg
[2013.04.05 08:25:39 | 000,509,296 | ---- | M] () -- C:\Users\Xychor\Desktop\flunkyball.jpg
[2013.04.03 08:46:39 | 000,200,896 | ---- | M] () -- C:\Users\Xychor\Desktop\Unbenannt.jpg
[2013.03.30 06:16:35 | 000,068,783 | ---- | M] () -- C:\Users\Xychor\Desktop\Deskkeller.jpg
[2013.03.29 21:59:58 | 000,001,048 | ---- | M] () -- C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 21:59:46 | 000,001,018 | ---- | M] () -- C:\Users\Xychor\Desktop\Dropbox.lnk
[2013.03.24 18:42:39 | 000,394,916 | ---- | M] () -- C:\Users\Xychor\Desktop\Stundenplan SS13.jpg
[2013.03.22 04:02:24 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.22 04:02:24 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.22 04:02:24 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.22 04:02:24 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.22 04:02:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.22 04:02:24 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.22 04:02:24 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.22 04:02:24 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.22 04:02:23 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.22 04:02:23 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.22 04:02:23 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.22 04:02:23 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.22 04:02:23 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.22 04:02:23 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.22 04:02:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.22 04:02:23 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.22 04:02:23 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.22 04:02:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.22 04:02:23 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.22 04:02:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.22 04:02:23 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.22 04:02:22 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.22 04:02:22 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.22 04:02:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.22 04:02:22 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.22 04:02:22 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.22 04:02:22 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.22 04:02:22 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.22 04:02:22 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.22 04:02:22 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.22 04:02:22 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.22 04:02:22 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.22 04:02:22 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.22 04:02:22 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.22 04:02:22 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.22 04:02:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.22 04:02:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.22 04:02:22 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.22 04:02:21 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.22 04:02:21 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.22 04:02:21 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.22 04:02:21 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.22 04:02:21 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.22 04:02:21 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.22 04:02:21 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.22 04:02:21 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.22 04:02:21 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.22 04:02:21 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.22 04:02:21 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.22 04:02:21 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.22 04:02:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.22 04:02:21 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.22 04:02:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.22 04:02:21 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.22 04:02:20 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.19 18:13:45 | 000,086,044 | ---- | M] () -- C:\Users\Xychor\Desktop\Mohsgedeck.jpg
[2013.03.19 18:13:17 | 000,022,034 | ---- | M] () -- C:\Users\Xychor\Desktop\Geologengedeck.odt
[2013.03.19 18:04:22 | 000,007,334 | ---- | M] () -- C:\Users\Xychor\Desktop\OpenDocument Text (neu).odt
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.03.16 19:05:54 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.11 00:47:46 | 000,005,289 | ---- | C] () -- C:\Users\Xychor\.recently-used.xbel
[2013.04.09 21:46:56 | 001,852,928 | ---- | C] () -- C:\Users\Xychor\Desktop\jobst-audio_bausatz_preisliste_2013_mrz0.pdf
[2013.04.08 18:14:11 | 000,082,620 | ---- | C] () -- C:\Users\Xychor\Desktop\erpx6utuxb.jpg
[2013.04.08 18:07:11 | 000,030,004 | ---- | C] () -- C:\Users\Xychor\Desktop\1_184788.jpg
[2013.04.08 11:11:30 | 000,135,431 | ---- | C] () -- C:\Users\Xychor\Desktop\544925_498860223502567_749226110_n.jpg
[2013.04.05 08:21:35 | 000,039,122 | ---- | C] () -- C:\Users\Xychor\Desktop\flunkyballfb.jpg
[2013.04.05 08:06:02 | 000,509,296 | ---- | C] () -- C:\Users\Xychor\Desktop\flunkyball.jpg
[2013.04.03 08:46:39 | 000,200,896 | ---- | C] () -- C:\Users\Xychor\Desktop\Unbenannt.jpg
[2013.03.30 06:16:35 | 000,068,783 | ---- | C] () -- C:\Users\Xychor\Desktop\Deskkeller.jpg
[2013.03.24 18:42:39 | 000,394,916 | ---- | C] () -- C:\Users\Xychor\Desktop\Stundenplan SS13.jpg
[2013.03.22 04:02:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.22 04:02:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.19 18:10:51 | 000,086,044 | ---- | C] () -- C:\Users\Xychor\Desktop\Mohsgedeck.jpg
[2013.03.19 18:07:22 | 000,022,034 | ---- | C] () -- C:\Users\Xychor\Desktop\Geologengedeck.odt
[2013.03.19 18:04:22 | 000,007,334 | ---- | C] () -- C:\Users\Xychor\Desktop\OpenDocument Text (neu).odt
[2013.01.20 05:12:27 | 000,007,605 | ---- | C] () -- C:\Users\Xychor\AppData\Local\Resmon.ResmonCfg
[2013.01.08 22:31:43 | 000,234,674 | ---- | C] () -- C:\Windows\hpoins21.dat
[2013.01.08 22:31:43 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2013.01.06 04:18:49 | 000,005,448 | -HS- | C] () -- C:\Users\Xychor\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013.01.06 04:18:49 | 000,005,448 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012.10.23 19:00:59 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad
[2012.09.20 14:03:36 | 000,003,584 | ---- | C] () -- C:\Users\Xychor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.15 16:51:10 | 001,553,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.05 07:43:07 | 000,225,720 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012.01.03 09:04:03 | 000,016,066 | ---- | C] () -- C:\Users\Xychor\Bewerbung.odt
[2012.01.03 09:04:03 | 000,007,334 | ---- | C] () -- C:\Users\Xychor\Bewerbung2.odt
[2012.01.03 09:03:50 | 000,043,349 | ---- | C] () -- C:\Users\Xychor\glykaemischer_index_lebensmitteln.pdf
[2012.01.03 09:03:47 | 000,015,555 | ---- | C] () -- C:\Users\Xychor\Rechnung.odt
[2012.01.03 09:03:26 | 000,026,215 | ---- | C] () -- C:\Users\Xychor\Rechnung.pdf
[2012.01.02 18:44:55 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.01.02 18:44:55 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
         
--- --- ---


Extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.04.2013 13:30:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Xychor\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,69% Memory free
8,00 Gb Paging File | 5,91 Gb Available in Paging File | 73,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,15 Gb Total Space | 5,01 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 25,23 Gb Free Space | 12,92% Space Free | Partition Type: NTFS
Drive E: | 102,78 Gb Total Space | 10,19 Gb Free Space | 9,91% Space Free | Partition Type: NTFS
 
Computer Name: PC-JAN | User Name: Xychor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1214052748-636940894-3971663584-1001\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DD1B63-1A04-4CEE-9E1E-1626C80D38B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0B3DBA6A-A3E1-4833-BBDD-76DD1A3DF0FC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0DE03724-8981-42C3-B8BF-D81CD9BB8B2A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0EACEEA9-79D6-423C-B52F-9746091A8F05}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1083FD71-484E-4777-9B75-E4EED3438ED6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11273924-94D6-4D75-BCC4-F100D1DFB2DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{28E42B13-E498-4ECB-93CE-9C4097B7E5F9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{346504D6-6E75-43B3-8174-3763B1B18525}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5492327D-21E8-4CE1-BB62-EEED5CAE4C0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B4E70B8-6FC0-4C87-926A-51FC7785ADC8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6517CFA7-2FE4-4092-AEBE-0301DB3172AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{755E8AFA-9DF9-4E63-B77A-DBFFE30631F5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{75FDA165-A83C-4D05-8C44-A213B3529132}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8480D606-C4DB-41FC-838C-CDE6C0D71AE3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{84C6C9AB-2896-47F2-9480-E30F1FB3FE76}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8EF1283C-0532-472D-BA49-FABEC3EBED17}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9326899C-D151-4A6A-8182-BCF9E3BCC883}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{960D7058-90D5-40D9-8A78-EA002FA73191}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B192EEFC-EB14-49A8-8719-AAA0F525AE0C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BF8D1EF9-31B0-4F28-B5DF-297689E3CA16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C78BF4E1-B1B1-49CA-ABB3-77C992E5E2B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E01296F3-7545-4018-95ED-634B1824139E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E89F3C35-66C0-48FC-9084-4857459A80C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F53C8AA7-79BD-437B-AC18-2ADC29F12E90}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FF493069-224C-43ED-BD63-D2B6D03672A4}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0120E808-B1A3-4B76-96F5-73CA1C3C1274}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0218C499-8A14-402D-8F51-56EB32C7CBBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03AE3397-1EE0-4D04-AFE4-5D1104D998AD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{07A46694-5128-4AB7-86E4-63A8499895FA}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{08840790-A372-4810-B569-6D5A2A24A464}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{0A3C9383-61C8-44F8-83A4-578EE85F6BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{0FD125F6-C49B-4B26-B50A-2082BC8B1564}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{16480000-E701-49E4-8017-B874C602C18C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{18193D54-1301-49AE-B73B-F7C248A8C7AC}" = protocol=6 | dir=in | app=c:\users\xychor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1FD5E4B0-7DCD-43A0-95D7-97FC083C9CB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{21F9ED7C-6463-430A-9B54-47DBBD3FEE4E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{27BFE2F6-EFA4-4A51-B55F-4FBABD873AC7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{29793F33-E9AF-4563-9E4B-6D3F10C47551}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{2E19A7FA-2503-49BA-94F1-B9874789A790}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36593680-2C2F-4875-9BE5-985B36AB9DAB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{3C7CDCEB-319A-4783-835A-1239287AE4C5}" = protocol=6 | dir=out | app=system | 
"{3CA32A5E-8FAF-43EF-B4AB-CA78C30697F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{3F5290B1-E702-475A-9EE0-C6E0DD4C12EC}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{44973F01-7D14-4AC8-9016-C22131410866}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4512A9C1-AFC3-47E6-B94C-E0FC29CD6A51}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4F1EA65B-A93F-408E-A35B-34124B8B8CBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F53DA95-2D51-4C7C-BA72-E0A3F678A42C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AADAEA1-300E-42C3-885D-187FE93A783B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{5AE9E57A-C171-4CB4-BC0C-D7D889379000}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{5B824460-11FC-4694-8F1A-680584BBC97E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{607FE0C6-988C-4F6E-A186-6B6862C20527}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{61AC1C2B-BAC2-4CCA-9F78-61DB6642A51F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{67796C72-C673-4665-81A1-B78E53A9FB07}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{69E085FD-3165-4982-A078-C0B9870A341D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{6E91A093-7389-4373-8E5B-824BDB8C7265}" = protocol=17 | dir=in | app=c:\users\xychor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6F6A7DED-58C6-49EF-8C04-54222781E3E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{6FE89137-F965-4423-8AB7-B87D7C58E2D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7186099A-5A40-4D7D-BA18-FEDB01AE4958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7502CB90-2121-47E2-98CD-A3A0F97CE83C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{7728339A-8D64-4154-82D2-F3377D5BDF16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{77A8C62E-8A0F-4B9E-8F5B-FC2EA24F5558}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{7BA076EB-6243-4EDE-83BB-A2841BD72E5E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{7E53926B-1547-445F-82B4-E395AF32F758}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{806EB102-10D8-4254-9065-7DA31136BCB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83EB0E20-33FB-4385-9F56-0B8ABE4B9958}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{868049C1-72DD-45AD-B900-DDC9CF7B3BB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{94E67719-9DF1-4B88-A99C-F1526C172AB5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{95CF967C-1BC5-47A2-AA1C-325FECD51946}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{96BCDB62-CC36-4D96-A916-A5C8C6F059C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{974C4ED9-C6F2-42C8-A484-0358CB3E3B62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98A76D19-1A18-4E93-8316-B0C7EE3F0D0E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{98B601FB-84AB-4C90-862D-A06C7AA8390C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A27E4C01-78CF-4DA5-AC63-A9ABD9949FE3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{A3043FB9-A4AB-49E1-B8D4-651E54B42126}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{A56F8A46-43CD-4116-84FE-3CD20271C1FC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A9FC2A9B-9B37-45AE-8D4C-C28BAB774B46}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{AA3AE4DC-B9CC-4739-9838-278B7BA19CBA}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{ABE03697-93B2-47F0-91C6-8320DFFA8520}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{AF967A2A-A08A-4FC9-A7B8-34E9D12D0669}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{B043689E-B62B-4AAC-A22E-308BA1E8986B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{B1D3259E-C0B1-48C6-9979-BD0AD01BCA93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2068583-D179-45BB-8DC7-E965F26C8D43}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B2662EB0-E1DC-44CC-B194-D2D3CFF841E7}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{B349148E-A09F-4226-970E-3E86C5771E04}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{B76B65B7-B57B-45F9-BBE0-6AE13980339E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{BC486153-1F7A-4F80-8460-A23753C3B6EA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{C1B98A0E-529D-4B11-83DE-EC6A3CD661E7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{C43711F3-08C8-4399-8DC7-10B32477DF8C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{C5630EEB-7887-46BF-8F64-42818172BCF4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{CBAEF101-03FA-4DBD-ACAB-91B5E245173A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{CC582AC6-A60E-4E29-BA5D-E0EE803BE3F6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{CE9C0400-EE11-428B-B71E-77AA72FBA437}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D50E9636-70DF-490A-9F29-B4F9991DC40A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{D530C5DE-4412-4BDC-B1C4-A4A0CB33A237}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{DA0253C0-FE0B-4C20-9D9A-7FBB756C9895}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF89F614-B9B4-4CBC-8EF2-FD471C4F1A7E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{E062589E-E364-4357-96D5-96ED7ECD1FC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{E49FEBF0-DA85-4D51-8A47-0CF1291A87C6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E4CFC9BB-056C-4EA1-B36E-80E9303D1EE0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E5014B25-B1CA-4C11-BF3E-B9DB6AA19BAC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{E5253250-7609-48C2-AAE3-BB7DEB1B3BF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{E5BED1BA-2EA8-494D-B220-07DED84E2C04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{E78371DB-3144-492E-9BFD-EB3F23C27013}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E8F0B00C-B1DF-4E14-90D4-6014A1EB2860}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9173598-169D-4248-B6F5-5B5F1D305D04}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{E95295E7-0859-417D-A2CD-A23780C19AC9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{ED3737F9-3F4F-436D-8E78-A3449750C515}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{EF92F279-F423-42C1-AFA4-D395C6E206CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{F4EE1CEA-E3C7-4672-8FA2-1E45DA13D6D6}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{F545DB75-4D8A-4CDB-8649-C15BCF9A212F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{F6218813-B15C-4334-BC3A-64178336C040}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{0F313BE4-26D2-4C98-986E-D8ACD2678648}D:\spiele\mark of chaos\warhammer.exe" = protocol=6 | dir=in | app=d:\spiele\mark of chaos\warhammer.exe | 
"TCP Query User{10FE2D31-0A24-42BC-8EE6-957ECDEA85BA}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{115A19BB-B455-4486-BC8D-5AED55BB5F86}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{1199E67A-6513-463F-8BBA-8D2B1E324DBE}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{14270B5C-38A2-415A-B711-14F0CB98EA0E}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"TCP Query User{16286DC4-4FB0-472D-84A0-A8EC5E153000}C:\users\xychor\appdata\roaming\boguut\oxog.exe" = protocol=6 | dir=in | app=c:\users\xychor\appdata\roaming\boguut\oxog.exe | 
"TCP Query User{27F48E89-A1B9-4BD2-8422-E0AC6CC6EB75}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{36D5D073-87EE-4294-939B-A37591CD6954}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"TCP Query User{75F28CBA-613A-49D3-AE76-99376FF75BB5}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"TCP Query User{7DB82BD1-978A-4912-926E-1F51785E9DD0}C:\users\xychor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xychor\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8699AE4E-E61B-4854-B69A-DD47319D7ABA}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"TCP Query User{9D1A7B00-0635-4C3A-B268-E54C513D43B8}D:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{C0D620B4-1755-4A9C-955A-1C6D4A1407A5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{D10E0B94-46F3-4204-896E-A1A3447FCCB6}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{FB3BEE5C-5D27-4FE2-9664-65A5EA70423D}D:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{0508E8EF-6E40-4F6B-B53E-566ECEDF3F7A}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{1005DD4E-9067-43BA-A248-E24959B7988F}C:\users\xychor\appdata\roaming\boguut\oxog.exe" = protocol=17 | dir=in | app=c:\users\xychor\appdata\roaming\boguut\oxog.exe | 
"UDP Query User{131765CA-18CC-4034-8D04-B5D8E5963ED6}D:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{394446F8-5137-4E02-A2FB-B212336D6B5A}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{59E77656-48FB-412F-A042-55CF5C5DF95A}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{5E0515CC-D8B6-4CD7-B788-601E0B02B967}D:\spiele\mark of chaos\warhammer.exe" = protocol=17 | dir=in | app=d:\spiele\mark of chaos\warhammer.exe | 
"UDP Query User{5FE926F4-8CA3-40B9-8CE5-12E8BF43C403}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"UDP Query User{68731DE2-FEFB-4676-BCC4-73A6FB931B41}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{7CD0F657-7816-4A0F-98D2-6B365F503D91}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{841DADBE-6104-422B-9D97-B6624F1A6A7C}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"UDP Query User{8772002B-534C-40B7-B677-706E97DAB8A3}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"UDP Query User{AE56F292-C220-4CC6-A720-57D69CF5EF45}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{CAD7BA81-7B20-4098-9387-423A21D60644}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{CEEEF2B8-D48D-404C-8D33-68F253AA82B7}C:\users\xychor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\xychor\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{F72D55AD-DB3C-43B7-96C9-84427EB2E57F}D:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{442D5880-05B4-4DC8-A038-2EDA79FAE601}" = Warhammer Mark of Chaos Manual Patch
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer® Mark of Chaos
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bibliographix 9_is1" = Bibliographix 9
"BitTorrent" = BitTorrent
"Diablo III" = Diablo III
"DMXControl" = DMXControl 2.12
"DocRepair" = DocRepair
"Inkscape" = Inkscape 0.46
"IrfanView" = IrfanView (remove only)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.13.1734" = Opera 12.13
"Pidgin" = Pidgin
"Quantum GIS Wroclaw" = Quantum GIS Wroclaw 1.7.3 Wroclaw
"RealPlayer 15.0" = RealPlayer
"SedLog_is1" = SedLog 2.1.4
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1214052748-636940894-3971663584-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 11:50:48 | Computer Name = PC-Jan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 1.2.7.9529,
Zeitstempel: 0x4d36cc12 Name des fehlerhaften Moduls: Traktor.exe, Version: 1.2.7.9529,
Zeitstempel: 0x4d36cc12 Ausnahmecode: 0x40000015 Fehleroffset: 0x00482d74 ID des fehlerhaften
Prozesses: 0x82f20 Startzeit der fehlerhaften Anwendung: 0x01cdff01885c7ef5 Pfad 
der fehlerhaften Anwendung: C:\Program Files\Native Instruments\Traktor\Traktor.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Native Instruments\Traktor\Traktor.exe
Berichtskennung:
d029d822-6af4-11e2-b680-001966f9ef91
 
Error - 30.01.2013 11:52:42 | Computer Name = PC-Jan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 1.2.7.9529,
Zeitstempel: 0x4d36cc12 Name des fehlerhaften Moduls: Traktor.exe, Version: 1.2.7.9529,
Zeitstempel: 0x4d36cc12 Ausnahmecode: 0x40000015 Fehleroffset: 0x00482d74 ID des fehlerhaften
Prozesses: 0x839d0 Startzeit der fehlerhaften Anwendung: 0x01cdff01cbcd93cc Pfad 
der fehlerhaften Anwendung: C:\Program Files\Native Instruments\Traktor\Traktor.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\Native Instruments\Traktor\Traktor.exe
Berichtskennung:
148bba7b-6af5-11e2-b680-001966f9ef91
 
Error - 30.01.2013 11:53:06 | Computer Name = PC-Jan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 1.2.7.9529,
Zeitstempel: 0x4d36cc12 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00032ed0 ID des fehlerhaften
Prozesses: 0x83fd4 Startzeit der fehlerhaften Anwendung: 0x01cdff01d8a8f221 Pfad 
der fehlerhaften Anwendung: C:\Program Files\Native Instruments\Traktor\Traktor.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 22ac89cd-6af5-11e2-b680-001966f9ef91
 
Error - 30.01.2013 11:53:32 | Computer Name = PC-Jan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Traktor.exe, Version: 1.2.7.9529,
Zeitstempel: 0x4d36cc12 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033709 ID des fehlerhaften
Prozesses: 0xb103c Startzeit der fehlerhaften Anwendung: 0x01cdff01e6f9707b Pfad 
der fehlerhaften Anwendung: C:\Program Files\Native Instruments\Traktor\Traktor.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 31d8607f-6af5-11e2-b680-001966f9ef91
 
Error - 02.02.2013 07:35:47 | Computer Name = PC-Jan | Source = .NET Runtime Optimization Service | ID = 1107
Description = 
 
Error - 02.02.2013 07:39:51 | Computer Name = PC-Jan | Source = ESENT | ID = 215
Description = WinMail (3920) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
 
Error - 02.02.2013 07:39:57 | Computer Name = PC-Jan | Source = ESENT | ID = 215
Description = WinMail (3152) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
 
Error - 04.02.2013 18:55:57 | Computer Name = PC-Jan | Source = Application Hang | ID = 1002
Description = Programm Traktor.exe, Version 1.2.7.9529 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 22d4 Startzeit:
01ce0329c1951d71 Endzeit: 23 Anwendungspfad: C:\Program Files\Native Instruments\Traktor\Traktor.exe
 
Berichts-ID:
e5bb1b6a-6f1d-11e2-9a4e-001966f9ef91 
 
Error - 20.03.2013 19:47:31 | Computer Name = PC-Jan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3189, 
Zeitstempel: 0x4ea85649 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dc9 ID des fehlerhaften
Prozesses: 0x4ed0 Startzeit der fehlerhaften Anwendung: 0x01ce25c36569ca9d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 87588c5e-91b8-11e2-9be7-001966f9ef91
 
Error - 23.03.2013 10:29:14 | Computer Name = PC-Jan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.1.33,
Zeitstempel: 0x4e64e4e2 Name des fehlerhaften Moduls: AcroRd32.dll, Version: 10.1.1.33,
Zeitstempel: 0x4e64f98b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000218f8 ID des fehlerhaften
Prozesses: 0x35bc Startzeit der fehlerhaften Anwendung: 0x01ce27d2c09765b2 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.dll
Berichtskennung:
08d26b0b-93c6-11e2-8eac-001966f9ef91
 
[ System Events ]
Error - 09.01.2013 22:27:48 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
 
Error - 09.01.2013 22:27:48 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
 
Error - 09.01.2013 23:03:50 | Computer Name = PC-Jan | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 12.01.2013 04:59:42 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 13.01.2013 10:33:15 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
 
Error - 13.01.2013 14:44:15 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
 
Error - 13.01.2013 14:44:18 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
 
Error - 13.01.2013 14:46:22 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
 
Error - 13.01.2013 14:46:22 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
 
Error - 13.01.2013 18:43:39 | Computer Name = PC-Jan | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
 
< End of report >
         
--- --- ---

Alt 11.04.2013, 14:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Hallo,

gab es auf dem Rechner, von dem dieses OTL-Log stammt, irgendwann mal eine Schädlingswarnung sprich ist der Virenscanner mal angesprungen?
__________________

__________________

Alt 11.04.2013, 14:56   #3
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Hallo cosinus,

ja, das ist vorgekommen und zwar am 07.01.13 mit folgendem Bericht:

"";"Tracking cookie.Tradedoubler gefunden, C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Cookies\49NWVDYG.txt";"Infiziert"
"";"Tracking cookie.Mediaplex gefunden, C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Cookies\QRPKQMDA.txt";"Infiziert"
"";"Tracking cookie.Atdmt gefunden, C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Cookies\ME0BT1VE.txt";"Infiziert"
"";"Tracking cookie.Serving-sys gefunden, C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Cookies\SUMDADXS.txt";"In Virenquarantäne verschoben"
"";"Tracking cookie.Serving-sys gefunden, C:\Users\Xychor\AppData\Roaming\Microsoft\Windows\Cookies\F73W2704.txt";"In Virenquarantäne verschoben"
"";"Tracking cookie.Oewabox gefunden, C:\Users\Xychor\AppData\Roaming\Opera\Opera\cookies4.dat";"In Virenquarantäne verschoben"

AVG konnte die Probleme lt. eigener Angabe aber beheben.
__________________

Alt 11.04.2013, 15:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Das sind eh nur Cookies
Gab es auf den anderen Rechnern denn Funde?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.04.2013, 15:18   #5
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Die anderen habe ich bisher noch nicht gecheckt.

Der Rechner von meinem Vater ist erst vor 3 Wochen neu angeschafft worden, inkl. AVG Vollversion. Er macht außer Ebay, Email und E-Nachrichten damit auch nicht viel. Würde mich arg wundern, wenn nach so kurzer Zeit bereits eine Infektion vorläge, aber möglich wärs natürlich. Der andere Rechner ist von meiner Schwester und steht nur rum, da sie vor einigen Monaten ausgezogen ist. Davon dürfte in den letzten 2-3 Monaten also keine Aktivität von ausgegangen sein.

Ich tippe daher am ehesten auf mich selbst als Verursacher.

Bye the way: Was ist denn von dieser komischen "oxog.exe" zu halten? Ich kann damit kein installiertes Programm verbinden und google meint wohl auch es handele sich ggf. um malware


Alt 11.04.2013, 15:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Das Ding ist mir auch aufgefallen, deswegen fragte ich ja nach Funden. Aber nun gut.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> ZeuS/ZBot Telekom Warnung OTL Log files

Alt 11.04.2013, 17:38   #7
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Gesagt getan! Hier die geforderten logs:

Gmer: Beim ersten Durchlauf stürzte das Programm ab (Anwendung reagiert nicht); beim 2. mal gings dann aber.

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-11 17:12:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-4 WDC_WD740ADFS-00SLR5 rev.21.07QR5 69,25GB
Running: mievd99n.exe; Driver: C:\Users\Xychor\AppData\Local\Temp\uxldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                               fffff80002dfb000 85 bytes [58, AA, F9, FF, B8, 99, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 646                                                               fffff80002dfb056 29 bytes {XOR AL, AL; JMP 0xfffffffffff79b6b}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                              * 2
.text     C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                              * 2
.text     C:\Users\Xychor\AppData\Roaming\Dropbox\bin\Dropbox.exe[3716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69            0000000076971465 2 bytes [97, 76]
.text     C:\Users\Xychor\AppData\Roaming\Dropbox\bin\Dropbox.exe[3716] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155           00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                              * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                              * 2
.text     C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000076971465 2 bytes [97, 76]
.text     C:\Program Files (x86)\AVG\AVG2013\avgui.exe[3228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000769714bb 2 bytes [97, 76]
.text     ...                                                                                                                              * 2

---- EOF - GMER 2.1 ----
         
MBAR log:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Xychor :: PC-JAN [administrator]

11.04.2013 17:22:17
mbar-log-2013-04-11 (17-22-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27215
Time elapsed: 4 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (PUM.UserWLoad) -> Data: C:\Users\Xychor\LOCALS~1\Temp\msuyot.exe -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load (Trojan.Agent) -> Data: C:\Users\Xychor\LOCALS~1\Temp\msuyot.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Die Version von der angegebenen Website, hat nach dem Cleanup jedoch keinen Neustart induziert, sondern lediglich einen System restore point angefertigt

Ein 2. Scan verlief ohne Ergebnisse (scan log alles "0 detected")

Edith sagt: Bevor ich deinen Anweisungen gefolgt bin, habe ich die Behebungsstrategie aus der Telekommail ausprobiert, d.h. Malwarebyte drüber laufen lassen. Ergebnis waren 3 Funde: 2 unter den Pfaden aus dem MBAR Log und ein "Trojan.Delf" in C:ProgramData/lsass.exe. Alle 3 sollten nach Neustart entfernt worden sein.

Geändert von Xychor (11.04.2013 um 17:43 Uhr)

Alt 12.04.2013, 13:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.04.2013, 15:16   #9
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



So, dann wollen wir mal. Schon mal danke so weit!

aswMBR log:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-12 14:34:57
-----------------------------
14:34:57.594    OS Version: Windows x64 6.1.7601 Service Pack 1
14:34:57.594    Number of processors: 4 586 0x403
14:34:57.594    ComputerName: PC-JAN  UserName: Xychor
14:34:59.604    Initialize success
14:37:34.833    AVAST engine defs: 13041200
14:37:42.842    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:37:42.842    Disk 0 Vendor: ST3320620SV 3.ACH Size: 305245MB BusType: 3
14:37:42.850    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-4
14:37:42.860    Disk 1 Vendor: WDC_WD740ADFS-00SLR5 21.07QR5 Size: 70911MB BusType: 3
14:37:42.977    Disk 1 MBR read successfully
14:37:42.985    Disk 1 MBR scan
14:37:43.049    Disk 1 Windows 7 default MBR code
14:37:43.067    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:37:43.100    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS        70809 MB offset 206848
14:37:43.141    Disk 1 scanning C:\Windows\system32\drivers
14:37:55.952    Service scanning
14:38:23.959    Modules scanning
14:38:23.977    Disk 1 trace - called modules:
14:38:23.993    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 
14:38:23.993    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004a27060]
14:38:24.004    3 CLASSPNP.SYS[fffff8800193e43f] -> nt!IofCallDriver -> [0xfffffa8003adb580]
14:38:24.010    5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-4[0xfffffa8003ada060]
14:38:25.446    AVAST engine scan C:\Windows
14:38:27.934    AVAST engine scan C:\Windows\system32
14:43:40.505    AVAST engine scan C:\Windows\system32\drivers
14:43:52.728    AVAST engine scan C:\Users\Xychor
15:13:28.813    AVAST engine scan C:\ProgramData
15:14:42.061    Scan finished successfully
15:15:47.801    Disk 1 MBR has been saved successfully to "C:\Users\Xychor\Desktop\MBR.dat"
15:15:47.809    The log file has been saved successfully to "C:\Users\Xychor\Desktop\aswMBR.txt"
         
TDSSKiller log:

Code:
ATTFilter
15:16:04.0426 7980  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:16:04.0768 7980  ============================================================
15:16:04.0768 7980  Current date / time: 2013/04/12 15:16:04.0768
15:16:04.0768 7980  SystemInfo:
15:16:04.0768 7980  
15:16:04.0768 7980  OS Version: 6.1.7601 ServicePack: 1.0
15:16:04.0768 7980  Product type: Workstation
15:16:04.0768 7980  ComputerName: PC-JAN
15:16:04.0776 7980  UserName: Xychor
15:16:04.0776 7980  Windows directory: C:\Windows
15:16:04.0776 7980  System windows directory: C:\Windows
15:16:04.0776 7980  Running under WOW64
15:16:04.0776 7980  Processor architecture: Intel x64
15:16:04.0776 7980  Number of processors: 4
15:16:04.0776 7980  Page size: 0x1000
15:16:04.0776 7980  Boot type: Normal boot
15:16:04.0776 7980  ============================================================
15:16:06.0010 7980  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:06.0018 7980  Drive \Device\Harddisk1\DR1 - Size: 0x114FF30000 (69.25 Gb), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:06.0026 7980  ============================================================
15:16:06.0026 7980  \Device\Harddisk0\DR0:
15:16:06.0061 7980  MBR partitions:
15:16:06.0061 7980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
15:16:06.0061 7980  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1869E598, BlocksNum 0xCD8F129
15:16:06.0061 7980  \Device\Harddisk1\DR1:
15:16:06.0061 7980  MBR partitions:
15:16:06.0061 7980  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:16:06.0061 7980  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x8A4C800
15:16:06.0061 7980  ============================================================
15:16:06.0077 7980  C: <-> \Device\Harddisk1\DR1\Partition2
15:16:06.0944 7980  D: <-> \Device\Harddisk0\DR0\Partition1
15:16:09.0758 7980  E: <-> \Device\Harddisk0\DR0\Partition2
15:16:09.0758 7980  ============================================================
15:16:09.0758 7980  Initialize success
15:16:09.0758 7980  ============================================================
15:16:50.0911 8152  ============================================================
15:16:50.0911 8152  Scan started
15:16:50.0911 8152  Mode: Manual; SigCheck; TDLFS; 
15:16:50.0911 8152  ============================================================
15:16:54.0137 8152  ================ Scan system memory ========================
15:16:54.0137 8152  System memory - ok
15:16:54.0137 8152  ================ Scan services =============================
15:16:54.0227 8152  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:16:54.0395 8152  1394ohci - ok
15:16:54.0428 8152  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:16:54.0436 8152  ACPI - ok
15:16:54.0452 8152  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:16:54.0569 8152  AcpiPmi - ok
15:16:54.0620 8152  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:16:54.0655 8152  AdobeARMservice - ok
15:16:54.0704 8152  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:16:54.0739 8152  adp94xx - ok
15:16:54.0754 8152  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:16:54.0770 8152  adpahci - ok
15:16:54.0788 8152  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:16:54.0797 8152  adpu320 - ok
15:16:54.0813 8152  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:16:54.0952 8152  AeLookupSvc - ok
15:16:54.0993 8152  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:16:55.0083 8152  AFD - ok
15:16:55.0108 8152  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:16:55.0131 8152  agp440 - ok
15:16:55.0147 8152  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:16:55.0186 8152  ALG - ok
15:16:55.0202 8152  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:16:55.0217 8152  aliide - ok
15:16:55.0231 8152  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:16:55.0241 8152  amdide - ok
15:16:55.0256 8152  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:16:55.0286 8152  AmdK8 - ok
15:16:55.0303 8152  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:16:55.0329 8152  AmdPPM - ok
15:16:55.0352 8152  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:16:55.0370 8152  amdsata - ok
15:16:55.0385 8152  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:16:55.0399 8152  amdsbs - ok
15:16:55.0411 8152  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:16:55.0418 8152  amdxata - ok
15:16:55.0434 8152  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:16:55.0622 8152  AppID - ok
15:16:55.0651 8152  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:16:55.0708 8152  AppIDSvc - ok
15:16:55.0741 8152  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:16:55.0790 8152  Appinfo - ok
15:16:55.0797 8152  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:16:55.0809 8152  arc - ok
15:16:55.0811 8152  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:16:55.0829 8152  arcsas - ok
15:16:55.0844 8152  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:16:55.0877 8152  AsyncMac - ok
15:16:55.0893 8152  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:16:55.0907 8152  atapi - ok
15:16:55.0967 8152  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:16:56.0083 8152  athr - ok
15:16:56.0127 8152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:16:56.0227 8152  AudioEndpointBuilder - ok
15:16:56.0243 8152  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:16:56.0266 8152  AudioSrv - ok
15:16:56.0473 8152  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
15:16:56.0682 8152  AVGIDSAgent - ok
15:16:56.0706 8152  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:16:56.0731 8152  AVGIDSDriver - ok
15:16:56.0756 8152  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
15:16:56.0764 8152  AVGIDSHA - ok
15:16:56.0776 8152  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
15:16:56.0791 8152  Avgldx64 - ok
15:16:56.0823 8152  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
15:16:56.0833 8152  Avgloga - ok
15:16:56.0852 8152  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
15:16:56.0868 8152  Avgmfx64 - ok
15:16:56.0883 8152  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
15:16:56.0891 8152  Avgrkx64 - ok
15:16:56.0899 8152  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
15:16:56.0918 8152  Avgtdia - ok
15:16:56.0934 8152  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
15:16:56.0954 8152  avgwd - ok
15:16:56.0969 8152  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:16:57.0069 8152  AxInstSV - ok
15:16:57.0104 8152  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:16:57.0153 8152  b06bdrv - ok
15:16:57.0170 8152  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:16:57.0196 8152  b57nd60a - ok
15:16:57.0229 8152  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:16:57.0256 8152  BDESVC - ok
15:16:57.0264 8152  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:16:57.0303 8152  Beep - ok
15:16:57.0362 8152  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:16:57.0420 8152  BFE - ok
15:16:57.0452 8152  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:16:57.0528 8152  BITS - ok
15:16:57.0553 8152  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:16:57.0569 8152  blbdrive - ok
15:16:57.0610 8152  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:16:57.0647 8152  bowser - ok
15:16:57.0657 8152  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:16:57.0680 8152  BrFiltLo - ok
15:16:57.0696 8152  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:16:57.0704 8152  BrFiltUp - ok
15:16:57.0719 8152  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:16:57.0745 8152  Browser - ok
15:16:57.0760 8152  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:16:57.0793 8152  Brserid - ok
15:16:57.0793 8152  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:16:57.0817 8152  BrSerWdm - ok
15:16:57.0817 8152  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:16:57.0834 8152  BrUsbMdm - ok
15:16:57.0838 8152  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:16:57.0846 8152  BrUsbSer - ok
15:16:57.0866 8152  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:16:57.0885 8152  BTHMODEM - ok
15:16:57.0909 8152  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:16:57.0950 8152  bthserv - ok
15:16:57.0969 8152  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:16:58.0010 8152  cdfs - ok
15:16:58.0034 8152  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:16:58.0067 8152  cdrom - ok
15:16:58.0092 8152  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:16:58.0133 8152  CertPropSvc - ok
15:16:58.0141 8152  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:16:58.0157 8152  circlass - ok
15:16:58.0186 8152  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:16:58.0202 8152  CLFS - ok
15:16:58.0250 8152  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:16:58.0280 8152  clr_optimization_v2.0.50727_32 - ok
15:16:58.0311 8152  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:16:58.0327 8152  clr_optimization_v2.0.50727_64 - ok
15:16:58.0362 8152  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:16:58.0405 8152  clr_optimization_v4.0.30319_32 - ok
15:16:58.0424 8152  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:16:58.0442 8152  clr_optimization_v4.0.30319_64 - ok
15:16:58.0442 8152  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:16:58.0467 8152  CmBatt - ok
15:16:58.0491 8152  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:16:58.0504 8152  cmdide - ok
15:16:58.0520 8152  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:16:58.0555 8152  CNG - ok
15:16:58.0563 8152  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:16:58.0571 8152  Compbatt - ok
15:16:58.0586 8152  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:16:58.0612 8152  CompositeBus - ok
15:16:58.0627 8152  COMSysApp - ok
15:16:58.0627 8152  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:16:58.0643 8152  crcdisk - ok
15:16:58.0670 8152  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:16:58.0708 8152  CryptSvc - ok
15:16:58.0733 8152  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
15:16:58.0741 8152  CVirtA - ok
15:16:58.0827 8152  [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
15:16:58.0899 8152  CVPND - ok
15:16:58.0936 8152  [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:16:58.0944 8152  CVPNDRVA - ok
15:16:58.0977 8152  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:16:59.0043 8152  DcomLaunch - ok
15:16:59.0067 8152  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:16:59.0108 8152  defragsvc - ok
15:16:59.0143 8152  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:16:59.0188 8152  DfsC - ok
15:16:59.0219 8152  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:16:59.0245 8152  Dhcp - ok
15:16:59.0245 8152  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:16:59.0293 8152  discache - ok
15:16:59.0309 8152  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:16:59.0317 8152  Disk - ok
15:16:59.0350 8152  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
15:16:59.0360 8152  DNE - ok
15:16:59.0383 8152  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:16:59.0461 8152  Dnscache - ok
15:16:59.0495 8152  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:16:59.0543 8152  dot3svc - ok
15:16:59.0584 8152  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
15:16:59.0602 8152  Dot4 - ok
15:16:59.0618 8152  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
15:16:59.0643 8152  Dot4Print - ok
15:16:59.0651 8152  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
15:16:59.0678 8152  dot4usb - ok
15:16:59.0694 8152  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:16:59.0735 8152  DPS - ok
15:16:59.0745 8152  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:16:59.0768 8152  drmkaud - ok
15:16:59.0801 8152  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:16:59.0881 8152  DXGKrnl - ok
15:16:59.0905 8152  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:16:59.0961 8152  EapHost - ok
15:17:00.0057 8152  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:17:00.0241 8152  ebdrv - ok
15:17:00.0264 8152  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:17:00.0311 8152  EFS - ok
15:17:00.0366 8152  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:17:00.0438 8152  ehRecvr - ok
15:17:00.0459 8152  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:17:00.0493 8152  ehSched - ok
15:17:00.0524 8152  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:17:00.0557 8152  elxstor - ok
15:17:00.0575 8152  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:17:00.0588 8152  ErrDev - ok
15:17:00.0610 8152  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:17:00.0651 8152  EventSystem - ok
15:17:00.0659 8152  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:17:00.0690 8152  exfat - ok
15:17:00.0702 8152  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:17:00.0750 8152  fastfat - ok
15:17:00.0791 8152  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:17:00.0834 8152  Fax - ok
15:17:00.0850 8152  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:17:00.0860 8152  fdc - ok
15:17:00.0875 8152  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:17:00.0907 8152  fdPHost - ok
15:17:00.0918 8152  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:17:00.0950 8152  FDResPub - ok
15:17:00.0959 8152  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:17:00.0967 8152  FileInfo - ok
15:17:00.0975 8152  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:17:01.0008 8152  Filetrace - ok
15:17:01.0016 8152  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:17:01.0024 8152  flpydisk - ok
15:17:01.0041 8152  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:17:01.0057 8152  FltMgr - ok
15:17:01.0110 8152  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:17:01.0159 8152  FontCache - ok
15:17:01.0192 8152  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:17:01.0202 8152  FontCache3.0.0.0 - ok
15:17:01.0217 8152  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:17:01.0227 8152  FsDepends - ok
15:17:01.0243 8152  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:17:01.0250 8152  Fs_Rec - ok
15:17:01.0286 8152  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:17:01.0301 8152  fvevol - ok
15:17:01.0319 8152  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:17:01.0329 8152  gagp30kx - ok
15:17:01.0377 8152  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:17:01.0471 8152  gpsvc - ok
15:17:01.0479 8152  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:17:01.0512 8152  hcw85cir - ok
15:17:01.0545 8152  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:17:01.0569 8152  HdAudAddService - ok
15:17:01.0596 8152  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:17:01.0627 8152  HDAudBus - ok
15:17:01.0635 8152  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:17:01.0653 8152  HidBatt - ok
15:17:01.0661 8152  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:17:01.0668 8152  HidBth - ok
15:17:01.0686 8152  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:17:01.0706 8152  HidIr - ok
15:17:01.0719 8152  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:17:01.0758 8152  hidserv - ok
15:17:01.0784 8152  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:17:01.0799 8152  HidUsb - ok
15:17:01.0807 8152  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:17:01.0850 8152  hkmsvc - ok
15:17:01.0883 8152  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:17:01.0916 8152  HomeGroupListener - ok
15:17:01.0934 8152  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:17:01.0959 8152  HomeGroupProvider - ok
15:17:01.0983 8152  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:17:01.0999 8152  HpSAMD - ok
15:17:02.0043 8152  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:17:02.0092 8152  HTTP - ok
15:17:02.0110 8152  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:17:02.0122 8152  hwpolicy - ok
15:17:02.0153 8152  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:17:02.0161 8152  i8042prt - ok
15:17:02.0202 8152  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:17:02.0217 8152  iaStorV - ok
15:17:02.0270 8152  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:17:02.0290 8152  idsvc - ok
15:17:02.0305 8152  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:17:02.0313 8152  iirsp - ok
15:17:02.0346 8152  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:17:02.0397 8152  IKEEXT - ok
15:17:02.0479 8152  [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:17:02.0553 8152  IntcAzAudAddService - ok
15:17:02.0569 8152  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:17:02.0584 8152  intelide - ok
15:17:02.0602 8152  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:17:02.0618 8152  intelppm - ok
15:17:02.0645 8152  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:17:02.0678 8152  IPBusEnum - ok
15:17:02.0690 8152  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:17:02.0731 8152  IpFilterDriver - ok
15:17:02.0762 8152  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:17:02.0834 8152  iphlpsvc - ok
15:17:02.0864 8152  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:17:02.0895 8152  IPMIDRV - ok
15:17:02.0903 8152  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:17:02.0963 8152  IPNAT - ok
15:17:02.0981 8152  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:17:03.0047 8152  IRENUM - ok
15:17:03.0063 8152  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:17:03.0079 8152  isapnp - ok
15:17:03.0106 8152  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:17:03.0131 8152  iScsiPrt - ok
15:17:03.0163 8152  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:17:03.0172 8152  kbdclass - ok
15:17:03.0192 8152  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:17:03.0206 8152  kbdhid - ok
15:17:03.0215 8152  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:17:03.0231 8152  KeyIso - ok
15:17:03.0249 8152  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:17:03.0256 8152  KSecDD - ok
15:17:03.0272 8152  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:17:03.0282 8152  KSecPkg - ok
15:17:03.0297 8152  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:17:03.0327 8152  ksthunk - ok
15:17:03.0350 8152  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:17:03.0395 8152  KtmRm - ok
15:17:03.0420 8152  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:17:03.0456 8152  LanmanServer - ok
15:17:03.0483 8152  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:17:03.0530 8152  LanmanWorkstation - ok
15:17:03.0555 8152  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:17:03.0579 8152  lltdio - ok
15:17:03.0612 8152  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:17:03.0649 8152  lltdsvc - ok
15:17:03.0659 8152  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:17:03.0690 8152  lmhosts - ok
15:17:03.0704 8152  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:17:03.0719 8152  LSI_FC - ok
15:17:03.0719 8152  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:17:03.0737 8152  LSI_SAS - ok
15:17:03.0737 8152  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:17:03.0745 8152  LSI_SAS2 - ok
15:17:03.0762 8152  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:17:03.0770 8152  LSI_SCSI - ok
15:17:03.0788 8152  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:17:03.0819 8152  luafv - ok
15:17:03.0844 8152  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:17:03.0852 8152  MBAMProtector - ok
15:17:03.0911 8152  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:17:03.0950 8152  MBAMScheduler - ok
15:17:04.0002 8152  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:17:04.0034 8152  MBAMService - ok
15:17:04.0051 8152  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:17:04.0077 8152  Mcx2Svc - ok
15:17:04.0084 8152  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:17:04.0094 8152  megasas - ok
15:17:04.0110 8152  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:17:04.0127 8152  MegaSR - ok
15:17:04.0153 8152  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:17:04.0188 8152  MMCSS - ok
15:17:04.0209 8152  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:17:04.0247 8152  Modem - ok
15:17:04.0272 8152  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:17:04.0295 8152  monitor - ok
15:17:04.0311 8152  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
15:17:04.0319 8152  mouclass - ok
15:17:04.0340 8152  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:17:04.0350 8152  mouhid - ok
15:17:04.0374 8152  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:17:04.0387 8152  mountmgr - ok
15:17:04.0403 8152  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:17:04.0413 8152  mpio - ok
15:17:04.0428 8152  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:17:04.0463 8152  mpsdrv - ok
15:17:04.0504 8152  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:17:04.0561 8152  MpsSvc - ok
15:17:04.0594 8152  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:17:04.0610 8152  MRxDAV - ok
15:17:04.0635 8152  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:17:04.0668 8152  mrxsmb - ok
15:17:04.0676 8152  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:17:04.0700 8152  mrxsmb10 - ok
15:17:04.0715 8152  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:17:04.0735 8152  mrxsmb20 - ok
15:17:04.0750 8152  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:17:04.0758 8152  msahci - ok
15:17:04.0774 8152  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:17:04.0788 8152  msdsm - ok
15:17:04.0803 8152  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:17:04.0829 8152  MSDTC - ok
15:17:04.0844 8152  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:17:04.0877 8152  Msfs - ok
15:17:04.0877 8152  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:17:04.0913 8152  mshidkmdf - ok
15:17:04.0936 8152  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:17:04.0944 8152  msisadrv - ok
15:17:04.0973 8152  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:17:05.0018 8152  MSiSCSI - ok
15:17:05.0018 8152  msiserver - ok
15:17:05.0034 8152  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:17:05.0075 8152  MSKSSRV - ok
15:17:05.0083 8152  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:17:05.0108 8152  MSPCLOCK - ok
15:17:05.0116 8152  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:17:05.0157 8152  MSPQM - ok
15:17:05.0182 8152  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:17:05.0190 8152  MsRPC - ok
15:17:05.0213 8152  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:17:05.0223 8152  mssmbios - ok
15:17:05.0239 8152  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:17:05.0262 8152  MSTEE - ok
15:17:05.0270 8152  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:17:05.0290 8152  MTConfig - ok
15:17:05.0305 8152  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:17:05.0313 8152  Mup - ok
15:17:05.0348 8152  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:17:05.0397 8152  napagent - ok
15:17:05.0420 8152  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:17:05.0448 8152  NativeWifiP - ok
15:17:05.0547 8152  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:17:05.0598 8152  NDIS - ok
15:17:05.0606 8152  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:17:05.0649 8152  NdisCap - ok
15:17:05.0657 8152  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:17:05.0698 8152  NdisTapi - ok
15:17:05.0721 8152  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:17:05.0749 8152  Ndisuio - ok
15:17:05.0774 8152  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:17:05.0813 8152  NdisWan - ok
15:17:05.0831 8152  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:17:05.0875 8152  NDProxy - ok
15:17:05.0916 8152  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:17:05.0932 8152  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:17:05.0932 8152  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:17:05.0958 8152  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:17:06.0004 8152  NetBIOS - ok
15:17:06.0022 8152  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:17:06.0055 8152  NetBT - ok
15:17:06.0071 8152  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:17:06.0079 8152  Netlogon - ok
15:17:06.0104 8152  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:17:06.0149 8152  Netman - ok
15:17:06.0165 8152  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:17:06.0213 8152  netprofm - ok
15:17:06.0229 8152  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:17:06.0245 8152  NetTcpPortSharing - ok
15:17:06.0252 8152  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:17:06.0260 8152  nfrd960 - ok
15:17:06.0293 8152  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:17:06.0309 8152  NlaSvc - ok
15:17:06.0317 8152  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:17:06.0350 8152  Npfs - ok
15:17:06.0368 8152  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:17:06.0399 8152  nsi - ok
15:17:06.0407 8152  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:17:06.0450 8152  nsiproxy - ok
15:17:06.0540 8152  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:17:06.0624 8152  Ntfs - ok
15:17:06.0641 8152  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:17:06.0680 8152  Null - ok
15:17:06.0973 8152  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:17:07.0364 8152  nvlddmkm - ok
15:17:07.0395 8152  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:17:07.0403 8152  nvraid - ok
15:17:07.0420 8152  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:17:07.0436 8152  nvstor - ok
15:17:07.0477 8152  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:17:07.0506 8152  nvsvc - ok
15:17:07.0584 8152  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:17:07.0666 8152  nvUpdatusService - ok
15:17:07.0692 8152  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:17:07.0708 8152  nv_agp - ok
15:17:07.0733 8152  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:17:07.0743 8152  ohci1394 - ok
15:17:07.0766 8152  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:17:07.0815 8152  p2pimsvc - ok
15:17:07.0834 8152  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:17:07.0850 8152  p2psvc - ok
15:17:07.0868 8152  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:17:07.0885 8152  Parport - ok
15:17:07.0901 8152  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:17:07.0911 8152  partmgr - ok
15:17:07.0926 8152  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:17:07.0950 8152  PcaSvc - ok
15:17:07.0975 8152  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:17:07.0983 8152  pci - ok
15:17:08.0008 8152  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:17:08.0018 8152  pciide - ok
15:17:08.0036 8152  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:17:08.0051 8152  pcmcia - ok
15:17:08.0067 8152  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:17:08.0075 8152  pcw - ok
15:17:08.0100 8152  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:17:08.0151 8152  PEAUTH - ok
15:17:08.0200 8152  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:17:08.0223 8152  PerfHost - ok
15:17:08.0284 8152  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:17:08.0360 8152  pla - ok
15:17:08.0389 8152  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:17:08.0413 8152  PlugPlay - ok
15:17:08.0436 8152  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:17:08.0452 8152  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:17:08.0452 8152  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:17:08.0471 8152  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:17:08.0487 8152  PNRPAutoReg - ok
15:17:08.0512 8152  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:17:08.0528 8152  PNRPsvc - ok
15:17:08.0553 8152  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:17:08.0602 8152  PolicyAgent - ok
15:17:08.0625 8152  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:17:08.0670 8152  Power - ok
15:17:08.0690 8152  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:17:08.0731 8152  PptpMiniport - ok
15:17:08.0750 8152  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:17:08.0774 8152  Processor - ok
15:17:08.0805 8152  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:17:08.0846 8152  ProfSvc - ok
15:17:08.0854 8152  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:17:08.0872 8152  ProtectedStorage - ok
15:17:08.0895 8152  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:17:08.0961 8152  Psched - ok
15:17:09.0004 8152  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:17:09.0061 8152  ql2300 - ok
15:17:09.0069 8152  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:17:09.0084 8152  ql40xx - ok
15:17:09.0102 8152  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:17:09.0118 8152  QWAVE - ok
15:17:09.0135 8152  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:17:09.0155 8152  QWAVEdrv - ok
15:17:09.0170 8152  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:17:09.0211 8152  RasAcd - ok
15:17:09.0245 8152  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:17:09.0268 8152  RasAgileVpn - ok
15:17:09.0278 8152  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:17:09.0317 8152  RasAuto - ok
15:17:09.0336 8152  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:17:09.0368 8152  Rasl2tp - ok
15:17:09.0393 8152  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:17:09.0434 8152  RasMan - ok
15:17:09.0442 8152  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:17:09.0485 8152  RasPppoe - ok
15:17:09.0495 8152  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:17:09.0522 8152  RasSstp - ok
15:17:09.0545 8152  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:17:09.0579 8152  rdbss - ok
15:17:09.0586 8152  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:17:09.0604 8152  rdpbus - ok
15:17:09.0620 8152  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:17:09.0645 8152  RDPCDD - ok
15:17:09.0668 8152  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:17:09.0702 8152  RDPENCDD - ok
15:17:09.0717 8152  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:17:09.0743 8152  RDPREFMP - ok
15:17:09.0768 8152  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:17:09.0838 8152  RDPWD - ok
15:17:09.0864 8152  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:17:09.0893 8152  rdyboost - ok
15:17:09.0911 8152  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:17:09.0950 8152  RemoteAccess - ok
15:17:09.0973 8152  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:17:10.0006 8152  RemoteRegistry - ok
15:17:10.0020 8152  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:17:10.0061 8152  RpcEptMapper - ok
15:17:10.0077 8152  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:17:10.0110 8152  RpcLocator - ok
15:17:10.0127 8152  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:17:10.0163 8152  RpcSs - ok
15:17:10.0170 8152  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:17:10.0204 8152  rspndr - ok
15:17:10.0237 8152  [ F65F171165FBB613F7AA3CC78E8CAB42 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:17:10.0290 8152  RTL8167 - ok
15:17:10.0305 8152  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:17:10.0313 8152  SamSs - ok
15:17:10.0340 8152  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:17:10.0348 8152  sbp2port - ok
15:17:10.0383 8152  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:17:10.0424 8152  SCardSvr - ok
15:17:10.0442 8152  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:17:10.0475 8152  scfilter - ok
15:17:10.0526 8152  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:17:10.0616 8152  Schedule - ok
15:17:10.0635 8152  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:17:10.0666 8152  SCPolicySvc - ok
15:17:10.0684 8152  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:17:10.0715 8152  SDRSVC - ok
15:17:10.0733 8152  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:17:10.0778 8152  secdrv - ok
15:17:10.0793 8152  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:17:10.0825 8152  seclogon - ok
15:17:10.0834 8152  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:17:10.0877 8152  SENS - ok
15:17:10.0895 8152  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:17:10.0920 8152  SensrSvc - ok
15:17:10.0938 8152  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:17:10.0954 8152  Serenum - ok
15:17:10.0979 8152  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:17:10.0991 8152  Serial - ok
15:17:11.0006 8152  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:17:11.0022 8152  sermouse - ok
15:17:11.0045 8152  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:17:11.0084 8152  SessionEnv - ok
15:17:11.0104 8152  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:17:11.0135 8152  sffdisk - ok
15:17:11.0153 8152  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:17:11.0168 8152  sffp_mmc - ok
15:17:11.0188 8152  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:17:11.0204 8152  sffp_sd - ok
15:17:11.0219 8152  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:17:11.0229 8152  sfloppy - ok
15:17:11.0252 8152  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:17:11.0297 8152  SharedAccess - ok
15:17:11.0333 8152  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:17:11.0374 8152  ShellHWDetection - ok
15:17:11.0381 8152  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:17:11.0389 8152  SiSRaid2 - ok
15:17:11.0407 8152  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:17:11.0416 8152  SiSRaid4 - ok
15:17:11.0432 8152  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:17:11.0465 8152  Smb - ok
15:17:11.0500 8152  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:17:11.0541 8152  SNMPTRAP - ok
15:17:11.0557 8152  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:17:11.0573 8152  spldr - ok
15:17:11.0610 8152  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:17:11.0661 8152  Spooler - ok
15:17:11.0788 8152  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:17:11.0961 8152  sppsvc - ok
15:17:11.0977 8152  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:17:12.0014 8152  sppuinotify - ok
15:17:12.0047 8152  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:17:12.0086 8152  srv - ok
15:17:12.0108 8152  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:17:12.0133 8152  srv2 - ok
15:17:12.0151 8152  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:17:12.0166 8152  srvnet - ok
15:17:12.0200 8152  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:17:12.0243 8152  SSDPSRV - ok
15:17:12.0258 8152  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:17:12.0293 8152  SstpSvc - ok
15:17:12.0350 8152  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:17:12.0368 8152  Stereo Service - ok
15:17:12.0385 8152  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:17:12.0393 8152  stexstor - ok
15:17:12.0434 8152  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:17:12.0469 8152  stisvc - ok
15:17:12.0493 8152  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:17:12.0502 8152  swenum - ok
15:17:12.0528 8152  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:17:12.0573 8152  swprv - ok
15:17:12.0653 8152  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:17:12.0766 8152  SysMain - ok
15:17:12.0782 8152  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:17:12.0801 8152  TabletInputService - ok
15:17:12.0817 8152  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:17:12.0858 8152  TapiSrv - ok
15:17:12.0881 8152  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:17:12.0905 8152  TBS - ok
15:17:12.0999 8152  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:17:13.0079 8152  Tcpip - ok
15:17:13.0120 8152  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:17:13.0153 8152  TCPIP6 - ok
15:17:13.0178 8152  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:17:13.0194 8152  tcpipreg - ok
15:17:13.0202 8152  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:17:13.0270 8152  TDPIPE - ok
15:17:13.0295 8152  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:17:13.0311 8152  TDTCP - ok
15:17:13.0340 8152  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:17:13.0377 8152  tdx - ok
15:17:13.0393 8152  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:17:13.0401 8152  TermDD - ok
15:17:13.0440 8152  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:17:13.0495 8152  TermService - ok
15:17:13.0510 8152  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:17:13.0526 8152  Themes - ok
15:17:13.0541 8152  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:17:13.0573 8152  THREADORDER - ok
15:17:13.0581 8152  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:17:13.0618 8152  TrkWks - ok
15:17:13.0645 8152  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:17:13.0692 8152  TrustedInstaller - ok
15:17:13.0708 8152  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:17:13.0733 8152  tssecsrv - ok
15:17:13.0760 8152  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:17:13.0791 8152  TsUsbFlt - ok
15:17:13.0815 8152  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:17:13.0848 8152  tunnel - ok
15:17:13.0856 8152  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:17:13.0872 8152  uagp35 - ok
15:17:13.0887 8152  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:17:13.0928 8152  udfs - ok
15:17:13.0954 8152  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:17:13.0975 8152  UI0Detect - ok
15:17:13.0991 8152  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:17:13.0999 8152  uliagpkx - ok
15:17:14.0022 8152  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
15:17:14.0038 8152  umbus - ok
15:17:14.0045 8152  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:17:14.0053 8152  UmPass - ok
15:17:14.0075 8152  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:17:14.0122 8152  upnphost - ok
15:17:14.0141 8152  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:17:14.0165 8152  usbccgp - ok
15:17:14.0190 8152  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:17:14.0206 8152  usbcir - ok
15:17:14.0221 8152  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:17:14.0239 8152  usbehci - ok
15:17:14.0254 8152  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:17:14.0284 8152  usbhub - ok
15:17:14.0299 8152  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:17:14.0325 8152  usbohci - ok
15:17:14.0333 8152  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:17:14.0358 8152  usbprint - ok
15:17:14.0383 8152  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:17:14.0399 8152  usbscan - ok
15:17:14.0434 8152  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
15:17:14.0475 8152  USBSTOR - ok
15:17:14.0500 8152  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:17:14.0508 8152  usbuhci - ok
15:17:14.0524 8152  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:17:14.0571 8152  UxSms - ok
15:17:14.0584 8152  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:17:14.0596 8152  VaultSvc - ok
15:17:14.0616 8152  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:17:14.0624 8152  vdrvroot - ok
15:17:14.0672 8152  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:17:14.0733 8152  vds - ok
15:17:14.0741 8152  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:17:14.0756 8152  vga - ok
15:17:14.0764 8152  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:17:14.0793 8152  VgaSave - ok
15:17:14.0819 8152  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:17:14.0829 8152  vhdmp - ok
15:17:14.0852 8152  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:17:14.0862 8152  viaide - ok
15:17:14.0877 8152  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:17:14.0885 8152  volmgr - ok
15:17:14.0907 8152  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:17:14.0922 8152  volmgrx - ok
15:17:14.0946 8152  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:17:14.0954 8152  volsnap - ok
15:17:14.0971 8152  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:17:14.0983 8152  vsmraid - ok
15:17:15.0047 8152  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:17:15.0147 8152  VSS - ok
15:17:15.0151 8152  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:17:15.0180 8152  vwifibus - ok
15:17:15.0204 8152  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:17:15.0229 8152  vwififlt - ok
15:17:15.0252 8152  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:17:15.0323 8152  W32Time - ok
15:17:15.0336 8152  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:17:15.0354 8152  WacomPen - ok
15:17:15.0372 8152  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:17:15.0403 8152  WANARP - ok
15:17:15.0403 8152  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:17:15.0434 8152  Wanarpv6 - ok
15:17:15.0502 8152  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:17:15.0584 8152  wbengine - ok
15:17:15.0610 8152  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:17:15.0633 8152  WbioSrvc - ok
15:17:15.0659 8152  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:17:15.0692 8152  wcncsvc - ok
15:17:15.0708 8152  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:17:15.0733 8152  WcsPlugInService - ok
15:17:15.0741 8152  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:17:15.0749 8152  Wd - ok
15:17:15.0790 8152  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:17:15.0817 8152  Wdf01000 - ok
15:17:15.0833 8152  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:17:15.0889 8152  WdiServiceHost - ok
15:17:15.0889 8152  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:17:15.0905 8152  WdiSystemHost - ok
15:17:15.0920 8152  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:17:15.0954 8152  WebClient - ok
15:17:15.0973 8152  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:17:16.0022 8152  Wecsvc - ok
15:17:16.0038 8152  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:17:16.0077 8152  wercplsupport - ok
15:17:16.0104 8152  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:17:16.0145 8152  WerSvc - ok
15:17:16.0161 8152  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:17:16.0194 8152  WfpLwf - ok
15:17:16.0202 8152  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:17:16.0209 8152  WIMMount - ok
15:17:16.0235 8152  WinDefend - ok
15:17:16.0243 8152  WinHttpAutoProxySvc - ok
15:17:16.0291 8152  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:17:16.0348 8152  Winmgmt - ok
15:17:16.0428 8152  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:17:16.0528 8152  WinRM - ok
15:17:16.0569 8152  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:17:16.0584 8152  WinUsb - ok
15:17:16.0620 8152  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:17:16.0651 8152  Wlansvc - ok
15:17:16.0836 8152  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:17:16.0952 8152  wlidsvc - ok
15:17:16.0967 8152  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:17:16.0985 8152  WmiAcpi - ok
15:17:17.0002 8152  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:17:17.0094 8152  wmiApSrv - ok
15:17:17.0168 8152  WMPNetworkSvc - ok
15:17:17.0182 8152  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:17:17.0219 8152  WPCSvc - ok
15:17:17.0237 8152  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:17:17.0268 8152  WPDBusEnum - ok
15:17:17.0293 8152  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:17:17.0342 8152  ws2ifsl - ok
15:17:17.0350 8152  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:17:17.0383 8152  wscsvc - ok
15:17:17.0383 8152  WSearch - ok
15:17:17.0483 8152  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:17:17.0579 8152  wuauserv - ok
15:17:17.0600 8152  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:17:17.0620 8152  WudfPf - ok
15:17:17.0645 8152  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:17:17.0661 8152  WUDFRd - ok
15:17:17.0678 8152  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:17:17.0698 8152  wudfsvc - ok
15:17:17.0725 8152  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:17:17.0750 8152  WwanSvc - ok
15:17:17.0766 8152  ================ Scan global ===============================
15:17:17.0782 8152  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:17:17.0799 8152  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:17:17.0807 8152  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:17:17.0833 8152  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:17:17.0848 8152  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:17:17.0848 8152  [Global] - ok
15:17:17.0848 8152  ================ Scan MBR ==================================
15:17:17.0916 8152  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:17:20.0360 8152  \Device\Harddisk0\DR0 - ok
15:17:20.0372 8152  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:17:20.0514 8152  \Device\Harddisk1\DR1 - ok
15:17:20.0514 8152  ================ Scan VBR ==================================
15:17:20.0514 8152  [ 98B1B206D9F423B6159D55E8159CEF98 ] \Device\Harddisk0\DR0\Partition1
15:17:20.0624 8152  \Device\Harddisk0\DR0\Partition1 - ok
15:17:20.0670 8152  [ B93975F3DAFD61C08C74C201F06F473A ] \Device\Harddisk0\DR0\Partition2
15:17:20.0698 8152  \Device\Harddisk0\DR0\Partition2 - ok
15:17:20.0706 8152  [ A67E14F1ED6D3E90998A18800EF0AAC9 ] \Device\Harddisk1\DR1\Partition1
15:17:20.0706 8152  \Device\Harddisk1\DR1\Partition1 - ok
15:17:20.0713 8152  [ A4B202F076340C40A34FCAB55401EE5B ] \Device\Harddisk1\DR1\Partition2
15:17:20.0713 8152  \Device\Harddisk1\DR1\Partition2 - ok
15:17:20.0713 8152  ============================================================
15:17:20.0713 8152  Scan finished
15:17:20.0713 8152  ============================================================
15:17:20.0729 7916  Detected object count: 2
15:17:20.0729 7916  Actual detected object count: 2
15:17:50.0810 7916  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:17:50.0810 7916  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:17:50.0810 7916  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:17:50.0810 7916  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:18:33.0621 2464  Deinitialize success
         

Alt 13.04.2013, 00:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.04.2013, 16:14   #11
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Hier die log.txt von Combofix:

Code:
ATTFilter
ComboFix 13-04-12.02 - Xychor 13.04.2013  15:40:57.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2366 [GMT 2:00]
ausgeführt von:: c:\users\Xychor\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dapeton.pad
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\auth.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\burnlib.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\dsp_sps.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\enc_fhgaac.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\enc_flac.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\enc_lame.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\enc_vorbis.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\enc_wav.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\enc_wma.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_classicart.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_crasher.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_ff.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_find_on_disk.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_hotkeys.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_jumpex.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_ml.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_nopro.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_orgler.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_skinmanager.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_timerestore.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_tray.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\gen_undo.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_avi.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_cdda.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_dshow.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_flac.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_flv.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_linein.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_midi.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_mkv.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_mod.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_mp3.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_mp4.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_nsv.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_swf.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_vorbis.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_wav.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_wave.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_wm.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\in_wv.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_addons.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_autotag.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_bookmarks.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_devices.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_disc.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_downloads.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_enqplay.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_history.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_impex.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_local.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_nowplaying.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_online.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_orb.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_playlists.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_plg.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_pmp.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_rg.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_transcode.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ml_wire.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\ombrowser.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\out_disk.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\out_ds.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\out_wave.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\playlist.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\pmp_activesync.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\pmp_android.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\pmp_ipod.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\pmp_njb.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\pmp_p4s.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\pmp_usb.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\pmp_wifi.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\tagz.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\vis_avs.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\vis_milk2.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\vis_nsfs.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\winamp.lng
c:\users\Xychor\AppData\Local\Temp\WLZ902B.tmp\winampa.lng
c:\windows\SysWow64\SETACCE.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-13 bis 2013-04-13  ))))))))))))))))))))))))))))))
.
.
2013-04-11 13:26 . 2013-04-11 13:26	--------	d-----w-	c:\users\Xychor\AppData\Roaming\Malwarebytes
2013-04-11 13:25 . 2013-04-11 13:25	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-11 13:25 . 2013-04-11 13:25	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-11 13:25 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-11 13:25 . 2013-04-11 13:25	--------	d-----w-	c:\users\Xychor\AppData\Local\Programs
2013-04-10 10:15 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 10:15 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-04-10 10:15 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 10:15 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 10:15 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 10:15 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-04-10 10:15 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 10:14 . 2013-03-02 06:04	1655656	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 10:14 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-10 10:14 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 10:14 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 10:14 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 10:14 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:14 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 10:14 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-20 22:49 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 01:02 . 2012-01-02 17:56	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2012-10-10 20:22	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2012-01-02 17:34	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2012-01-02 17:34	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2012-10-10 20:23	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2009-07-13 21:59	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-12 05:45 . 2013-03-16 17:18	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-16 17:18	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-16 17:18	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-16 17:18	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-16 17:18	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-16 17:18	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-19 16:58 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-01-19 16:58 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-01-18 15:00 . 2012-01-02 17:35	6390048	----a-w-	c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2012-01-02 17:35	3460896	----a-w-	c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2012-01-02 17:35	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2012-01-02 17:35	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2012-01-02 17:35	2558240	----a-w-	c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2012-01-02 17:35	118560	----a-w-	c:\windows\system32\nvmctray.dll
2013-01-18 06:15 . 2013-01-18 06:15	550176	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-01-13 21:17 . 2013-02-28 02:01	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-28 02:01	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-28 02:01	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-28 02:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 02:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 02:01	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 02:01	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-28 02:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-28 02:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 02:01	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 02:01	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-28 02:01	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-28 02:01	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 02:01	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 02:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 02:01	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-28 02:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 02:01	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-28 02:01	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-28 02:01	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-28 02:01	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-28 02:01	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-28 02:01	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-28 02:01	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-28 02:01	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-28 02:01	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-28 02:01	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-28 02:01	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-28 02:01	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-28 02:01	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-28 02:01	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-28 02:01	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-28 02:01	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-28 02:01	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-28 02:01	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-28 02:01	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-28 02:01	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-28 02:01	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-28 02:01	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-28 02:01	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-28 02:01	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-28 02:01	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-28 02:01	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-28 02:01	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-28 02:01	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-28 02:01	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-28 02:01	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-28 02:01	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-28 02:01	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-28 02:01	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-28 02:01	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Xychor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Xychor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Xychor\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"StereoLinksInstall"="c:\program files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" [2013-01-18 1041696]
.
c:\users\Xychor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Xychor\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-02 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xychor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xychor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xychor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Xychor\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\Service Center Setup PC.exe
AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{5E267FB6-2CB9-4677-A53F-58B022B7B66D}\Traktor Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1214052748-636940894-3971663584-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1214052748-636940894-3971663584-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-13  16:10:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-13 14:10
.
Vor Suchlauf: 7.512.190.976 Bytes frei
Nach Suchlauf: 7.987.273.728 Bytes frei
.
- - End Of File - - BAAA082116D9F10B7A84274D2717F0E9
         

Alt 13.04.2013, 17:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.04.2013, 18:38   #13
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



JRT.txt:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Xychor on 13.04.2013 at 18:24:43,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_current_user\software\pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Xychor\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{00C18AAB-417C-48BD-90B4-FFD84A6839C6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{00DA43B0-C644-4843-A8C7-14BDEA815DFA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{01FAE1AE-913A-4BCF-AA8A-AD52A1C366E9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0213B933-D090-4741-A91E-522ACCEC2AB4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{02BC793F-93A2-4376-ABE4-C3A545BD540A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0300FCB2-A674-4322-8365-7E317385003D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{031FF947-9676-4C6F-A16A-3874A41287BF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{032A2DE8-7676-426E-957C-C361AB3C5AFB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{032D1E81-3AD6-4548-8C94-CA5D7207001E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{033ED9E6-87B5-4BD0-B130-329E1A347F63}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{03711C17-A138-4EF0-93A9-846C4B307939}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0499CF37-AC5E-49E8-B9D0-93B34D8EBE13}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{04AE1F58-0390-4A62-A808-21047228DE6C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{04DBB8B8-75E8-4AA9-81CC-2FECE270F55C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{04E3A02D-9C04-464D-9032-38593BC7D89F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{05600FE2-47AA-4791-9488-3F409848FEAB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{05A38D40-FBC6-4C88-B2B1-2C802A95A677}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{061C667F-C548-4B8D-B41F-DD685A9BFD23}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{06375542-A23D-4C54-BFBE-EBB859476D31}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{06488DC9-C95B-4449-B214-24921CA183A8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{06A6E8F6-3A04-4630-8D37-78374459DD5A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0790A60F-A582-4DE4-91E4-D520F68B5F34}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{07CE4DE4-57EB-4DFA-A3B7-69AF1DBA87B8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{082810EC-30D5-40E4-8ABA-C5B3A946CF0C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0885479A-E2BF-42C7-B98B-4D2F4A161BD5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0918ABDF-11A2-4409-91CC-7F1656A7F4B9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0924F5A0-4F91-4781-8C38-6F20BCB0DF4F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{09802CB4-D908-46C8-A906-9967F8E1CA79}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{09AC6E72-AFB9-4FB3-9ED4-8153112345FE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0A23CA3C-4417-478A-ADDB-0AFDA40B501B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0A24A713-1F57-48AB-B2A1-90E234BF9DBD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0A261948-16DD-4616-8C5F-705884BAFB21}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0A5D9438-8387-4898-8537-372D0B583E69}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0A7A5B49-6769-4E89-A150-105CE7F6B5B7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0AA49A56-1B82-449B-A4C5-A9D7108D6455}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0B744374-9482-4D13-8011-3377A02D448D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0B7A03E8-2328-414C-9207-842CF70AB9BE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0B92467A-95B6-4794-8501-C4AA91BFA4EE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0C4244C7-6EAE-44B3-82E4-9C8BAA98268B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0C898A96-C127-44C8-826A-730415B1F299}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0CA82E9D-B451-4B63-AB9E-6CE6654C8A38}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0CD3D050-DE29-4183-A26D-C02D59BAAE3E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0D7F6F6D-A365-4716-9D2C-55EB0C435016}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0E209466-A812-420F-B7D1-DAFB19307B9E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0E83A931-B885-4C3E-A6D8-FD05EECF7058}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0E867DC0-5F25-4079-8CE8-8E5286E4A4D3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0E9030AE-528A-45D3-87C4-E6D7A54F7A9B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0E9E9287-252D-4E34-922B-FCF9228C622E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0EC604D8-5A48-4616-8C22-92B94F2ED36C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0EED4E32-9560-4579-ACE5-FB8A93FF4EE7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{0FC844FA-F1ED-4C90-82F1-1246ED2CC41E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{10533759-9494-4481-A0A9-38DD4CE9ABC0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{105D2900-B8A6-45A4-A322-7D795EE8E841}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{107F8878-1E8A-4481-B0D3-53E69483C965}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{10C181E2-F0F8-439E-A26C-04EF20A1FC20}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1160601C-FCBF-47A0-A79D-3CB0EA599120}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{11B4372F-9388-4CD2-97CC-AB6FAEC11AB7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{11E1A52C-C896-449E-A8F0-2A3C96D425F1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{12710110-7BFD-4F35-9021-1533EF5E86BC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{128FC3DF-998D-4759-A65B-919816795C1E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{12A8AD04-F28A-4D8A-9B5F-7E959FD2A86D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{12E22BCE-4D02-4AD9-BEE2-B9F0419BA9F2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{13E731EB-A926-4E8C-9660-29E53854E891}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{14CC84D1-CC5D-4562-92A1-BEB61F18C376}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{14E91373-73FB-475E-B01F-EC08A2434114}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1502454A-0898-4EB2-BD80-E8769A108374}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{156754B6-B2FB-431E-A286-905128E2AA6D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{15E3C094-BF96-4397-B2F1-19E117AE1EEB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{15E54439-A535-44CE-B6E0-9C4F718D5088}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1667CE39-26FA-475D-A167-2A046D0A7E23}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{16B4032A-7F29-41E0-8DFD-FC6BE53400AA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{17827547-7E44-4BAC-809B-0766FB540DDB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{18399853-2ED1-4E58-98DF-CFE2723A59A4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1841B1EE-1963-46D4-896E-3FD82D8CF48A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1870C5E5-63E9-4ABD-9CCE-35B5684DFBD7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{19C44B9E-B850-44A0-BA87-B60781AB8B6E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{19E53423-B711-45EE-A0A2-025A33F6FCAB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{19F4EB17-2400-4031-BE81-6418ABAB5F62}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{19F7A144-C6D1-4092-A80D-7486CD35D959}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1AD572B9-6C49-4CD0-9842-FF4C91393BD8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1B0793F9-1CAD-49EE-A203-7A52C48E8610}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1B640989-E499-4B6F-A7A7-2E947D1774EE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1B8AE4DA-A10B-46D6-AFFE-BFCC8A26258F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1BF39D24-3EE9-4CA4-ABCF-9483D9D51FEC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1C2A9E81-F0D0-41C8-AC5A-CB812EED3801}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1C4FAC17-FDFB-4570-A3A8-EAB6EDC686B7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1C793E8C-62FE-4B6D-A71A-1F9969305723}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1C82B0ED-B649-412C-A96C-8DA7BB22C249}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1CA85C93-1B19-478E-9C1D-94BAEC683BD3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1CB81F62-F3EF-44EB-9366-0910FD451068}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1CF78511-937C-4614-864F-28737D80BACB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1D712A20-E4CD-4122-BC1A-8A84384C0227}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1D7B1303-1E73-456C-8DE5-2F10BEFA717E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1D8F126B-8783-4EAB-806A-484468729852}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1D9279EC-6883-45C3-9B48-A1540D5D2E46}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1E0479AF-2A25-4E8E-B952-984B490C032C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1E8483DA-FB2A-4D5B-841F-0E47322D3463}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1EB70703-720F-4DD6-81F1-A02B6FBA222F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1FBE0396-C14C-4A92-8C7A-1F474A73F1D8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{1FE94156-0D47-415C-9464-3B8A5AABE353}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{200A7651-82DD-4E2A-9B18-5C1A3DE1DB68}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{200AF364-F825-4967-BDD8-39FB98558E9C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2026C873-9B0E-4663-A976-432B3C17E6F4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{20406EF4-B15D-44EB-8728-1427D8E654A9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{217D38BF-896D-45E9-9115-38F6F475F181}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2185A77C-8FA9-4ED2-8B99-03FAFC3D9B99}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2209C4CE-17CE-4BE6-A5A6-5358BA619DEB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{221FF95F-A8F7-450B-9152-419B144011FE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2267C16A-D345-4895-9123-2BF3D03A5A9B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{22DD7EC0-E262-4B22-AF6B-EF733BCF50B6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2390DB97-39A9-4996-8D53-CCFC1A26FDC1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{24A275C7-D90A-40D7-B681-6A6437AC7548}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{24C852F1-65A3-49D2-92B6-DD987B504AEB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{24F1577B-9DC8-4CAA-85EE-C9740736D105}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{25448C84-F583-4888-BC18-5F01ACB3BACE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{258DFC43-89B7-4028-978E-EFB736756CBF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{25A7E4CA-E277-42A6-A112-34F774D19938}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{25E431DD-8A22-4FB4-8F63-73D054FA0161}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{25E903E4-816D-4FA6-8A38-36BBFBC2DF4E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{263B9465-A890-454F-9515-D9D30B1315D2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2668562F-2A1B-461F-9991-BCD36CDEE328}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{26F4202F-875F-4D7C-8C11-15353B5DF8A3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{26F443F3-9341-4A20-88ED-4C4F9B33D13C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{271A8324-C42A-4467-8C09-094DF921DEE7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{27686C3A-70B6-447A-9F23-0F1C439D0113}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{27C862B8-BBDB-488A-91E2-1377B50EEF9F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2844C70F-12D7-4929-98EA-D141CB9D971C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{284A7577-4841-495B-BD02-0A1B54AADB2D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{28A26FDE-B014-41B9-B8F7-047634892111}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{28A6343B-4100-4ED7-9B08-88AA735CCC47}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{28D5C49F-0A05-4445-888D-A9B9E5B460FC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2900EEB2-7344-45FC-94F4-A252A03D88B8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2914397A-7C41-4C87-8285-6C849014C08B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{29416585-9C81-4883-8022-3AE9D588F3AA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{29ACE925-E914-4DA7-B6A1-4BE9C1831BA4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{29FF2D27-B793-425D-9A63-418C9751616D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2A3E1648-CA26-4A06-86D7-DEF6A7696281}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2AC1E704-2BC7-4542-B4FE-404C22F8219B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2ADD979F-A6B3-40B1-89C5-86F5C73ADF9A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2AE22264-0EB5-4723-B3CF-F5BAC174083B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2AE38E09-65EA-40EB-B5C3-EDBE08674BBD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2B271289-01E2-4323-83BC-AF34AC0033D2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2B491528-8AA0-4D24-9581-21D3A8A3F5A9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2BC50E52-9B20-4FF0-B0ED-698A49A5F1E4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2BDB4646-47BA-4C66-AED5-3B1AFB0B63A9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2BF759A1-E757-4A3C-9B3A-C6AFE6F33327}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2C4BF22A-1B85-4816-B0DD-18DDD547ED96}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2C98B0E5-7130-4224-8C6A-0DEACF0F6C91}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2DD7ACC9-46D9-48B6-B9B3-E961AB285170}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2E171D71-CB2C-4C18-AC2F-AC2480BE1BC1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2E651E22-97A9-4FD7-A04A-F29E023D64FC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2E7FD20C-1EE6-4F6D-AA2A-E85CEE8D9472}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2F108698-DB03-4794-902A-729BEB990351}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2FC1542F-6B23-4AFA-BE3E-D880077A076F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{2FDFAD2F-1E3A-4F8A-A500-267B76EEB1EC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3007A1CD-0761-4F69-B1EB-1DC98147645C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3029500A-D641-4E2B-B86A-B00A18BA985A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{30A802BF-CF56-40B1-97AD-E51FF8AAA950}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{30C01365-A6B9-417B-9760-DE5ADA39E094}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{30CC38B5-58BC-478F-AC87-131A2D17DD9B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{30ECF19C-50B9-4DD7-AB4B-BF6C69B16B8B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{30FB5188-04DD-47E1-AEB9-B3D65981282F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{317343F1-2F10-4DD5-8E72-4F9F7CDCF024}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{317F345F-4A02-4EEA-BB48-46EA24633286}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{319B813C-9D90-40AA-8AA4-611605CD2DF9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{32965AB2-934A-4889-A077-D55D35D4C297}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{331E5C98-791B-4687-86B8-17DFF8E00E8A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{33ECBD32-9082-4156-98E4-2667B9FF4137}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{33FD8349-69F2-49A5-A57E-5D58143DBA16}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{34007997-FF4D-492E-B258-938A5A830B0D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{34C75458-78E1-405F-A3F8-34E52B972B0A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{34FAB1EE-A182-4264-A64A-2FEEC0EE90E3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{34FF7425-6037-4934-A662-BE2BE5E715A9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3522DA66-D0FF-4A16-9830-DEDFC3F77CD5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{358494A0-D8C6-4F11-A4DA-125F47EC27CA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{361FC393-C0F3-4B3A-897D-1E96D5870765}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{36434DC3-5FD0-4405-BE96-C89D51697616}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{369BEC5E-4A4B-4D42-9035-C7169BD23CD6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{36AD99F7-E011-454C-8E7B-731ABFA15EC4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{370465B3-A6CC-435C-AF8E-0623BC0CD8B9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{376826BF-72B1-43B6-A106-82A9DEC9F00C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{37E1C22A-E9BF-4CAF-8260-52113F038021}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{37F9EB3D-5FE6-446B-86FC-A89681DF8348}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{380A2776-8B66-4F6D-B2B4-F2B4127711F8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{382562A5-598E-4205-B015-20F0535009A7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3942B5CC-CF21-4376-83EC-DE3599F56255}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{39557786-EC19-4C79-8795-DC9246632C25}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{399912AC-5413-4717-9C72-E542727BB989}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{39E4EB2F-A8A2-4357-81C5-C350719D5337}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3A471106-CA4C-4C6C-AFAA-B7167DA81830}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3A848C0C-B6D2-4B2B-8D16-20599F54A1DB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3A85A81A-7CCE-49DF-BA81-926960543C50}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3AFBCDA7-C244-4782-B5A1-0BD37B66529C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3B24FB81-58F9-4C30-8D6D-A02B5249251F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3B702D62-50C3-4867-847E-BBC7F82D33A2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3BE083A6-B977-4800-87BD-CEC60A5E0916}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3C56D807-624C-4080-9018-CCFEE8086684}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3C6403B2-6A08-4B11-82E3-6567CB6AC79D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3C8F76B4-347B-4A9E-A905-741D2FC0DB2B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3E0851B2-5C8E-42E5-9825-098D195EB000}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3E2D2EAE-6D53-446A-8FDC-237D31022F1F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3E72B3F9-1255-4677-91B8-2BE1042D7C8C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3E9A6CA5-23E6-4240-BDCB-F2A556AE216C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3EA7F097-D2A9-47B8-80AF-7EC0235EFF4E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3F311116-E8CA-4CD6-8820-1FBE862F2F36}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3F50A559-D740-4472-B2C7-1DC338195A9D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{3F59454D-5FCD-47E6-BF40-FF0060994CDF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4005C93A-8412-42C3-A52F-54F6F43C1122}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{40482B72-4CEF-4E27-B783-038292322AE8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{405EA47E-705B-40B1-8065-C1D8B3247772}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{40AEA0CE-CA6A-4B78-AB5B-F98BC9E45C6D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{40CB2F42-6A70-426E-ABE9-CBDA1CC88FF3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{41733D8B-4A12-4447-B293-60C99F7C7B1C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{41884B03-0D00-47ED-88B3-1712E3D991D2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{41E15F49-4985-487D-B6B2-7FAEDD7CBA45}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{421A5AAF-FC74-4D4C-AF45-D840F391A194}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{421E44A1-118C-470A-B8E8-760F35D0B858}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4270427C-9682-4306-878A-82B234994359}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{42998214-54DC-4EB7-8480-A0F8DC1AF0B1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{42CEE6F8-095C-4910-8740-DFF3F089AD7E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{42E336A9-7CF2-471F-B84C-80BF0CD402D3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{43304A58-F33C-4514-824C-3DCFBB25821C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{43A71555-6782-4F65-9231-E4D0713A6DE1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{43AD3F33-B9B3-4650-94AD-96C2A498836B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{43E9083C-AF9A-4152-8A3A-1E9A9A01F6A7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{441D988D-0F75-4ED5-93B8-00EF3D14BB79}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4438424E-BE49-4FC9-BBF1-26998FCDD4BF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4457FCEC-B92B-4BDF-8E28-705190712213}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4488173A-BA02-4820-9519-E9031CAB618A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{44B8AA86-C259-42A8-A6DE-8F7E7066BFA1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4518C2DB-97F3-4C97-A835-F1E4DE5927DA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{45241651-7FDE-44D9-9EA1-F525B1FD0F01}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4591C039-18C6-45A8-B113-019B35DD9C01}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{46BA8985-813F-4882-9915-7D7ED03EDC11}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{47520CD5-11CC-440D-A88F-195DD17D3862}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4757A887-78A0-42E8-BA2E-A6C909741011}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{47597434-58C2-48F8-9E73-81A90BB883D8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{48644440-ED1C-4B86-8F5E-EA106AE8D175}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{48AB6701-6D21-404E-A678-C901A3A4C084}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{493D16A1-94F9-40CD-9455-45C830F50031}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{495B3329-01FC-446F-A7D8-CA255E892543}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4A87C110-63AE-40C0-BFE2-087526B7A119}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4ACB9C5C-F75B-44DC-A360-4A8D63424A2F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4B10A77D-F8BD-4AFF-88A0-342B3D05CFDB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4B5F77F0-4C0E-4FF0-91BE-EC639B2B6AA8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4B86362A-67F8-4D1E-80BE-CFD4964B6C9A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4C577686-97CB-4CDD-ADD0-340DD4893A16}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4C588928-5E2A-4AF8-BF3B-F6D014077636}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4CCA9453-01C5-4D25-A6D0-A9DEDBD44E3A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4CD13F40-03BC-4745-85CC-FF86E6F29B91}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4D5045BA-AC08-4F68-AECF-5C66232633B2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4D578D7E-480D-4162-B15E-C36776BC86D3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4D631DAA-E6AF-4C15-97E4-83E91F88B94D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4DF1CDD0-DED8-446B-A202-88403692F835}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4E425BF2-A508-4BB9-9861-AFDC5828082C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4EC91941-F0E4-4F3C-A5AE-9FE152C310B2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4F85F2F9-8148-4B37-BACD-385D334C338F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{4FC3B414-B97B-4993-A283-F0AA87E2B532}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5043B967-F7A1-44F8-9248-073A20965A4C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5046327D-5B33-4E36-8C47-35B2DC926A05}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5082CB67-BA36-40E9-911D-D8835EBBDDC9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{508AF26A-3415-42B0-9491-B47FB686D3EE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{50C4548D-003A-4469-BBED-9C90EFECA149}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{515ABEEB-D029-4E71-9D73-036E14051A96}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{517B6E67-3145-4023-8E11-1FF223777025}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5216681A-773A-41A8-8379-8FD3EF4BA572}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{523F677D-CE25-4514-9C52-BABB0A9BD1A2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{52EA941D-1040-45CC-9FDC-4DB13FBDE8AD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{534FDD77-1B15-4C3B-8940-7648596D0785}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{540D9F5E-F55B-41DC-B914-4A5BDD6EAAA5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{54117943-4386-4C27-8077-DD5AC00CEAD5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{547EEBFD-5EB4-4D0F-B1DF-D1016A076DF1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5505B212-656C-4BD8-BD8E-8007CBD04844}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5550BC31-720E-4E4D-9BEC-AFEF4DDE9357}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{55998C91-426F-4A89-A108-AFC4389D5F46}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{55DD65C8-CD85-437B-B610-7539BB249B71}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{56BBE558-E7D6-4813-B2BF-FEA20559C244}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{56F62617-9747-4F05-9D6F-25B142E872B1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{570188BC-3330-4CC0-B6E4-EAA9AB21E579}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{575EECA6-AB5C-4892-A5CF-7B9BE5027CE0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{578B05ED-50DF-4728-A2F8-80140CBC71A0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{582E85C1-622F-4F88-A541-D3C5A7C5C9F8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{58B024FC-19C5-4FBD-A481-DE6117C4E429}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5906BCF4-EF5C-4269-A2BD-C2F7E617D3D9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{590E3B68-E66B-4825-BF17-0E715176592F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5976C7F6-11C5-42D1-871E-40E77AE2B0C0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5A0E8D26-FBA0-4179-B52C-B5720C93A1C2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5A37BA1F-077E-471F-8EDA-201726496D62}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5ACC953F-E4F3-446A-97BD-76CBD100F52D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5B752C74-FCA8-4832-A828-1C40091C0F84}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5C0E3A9E-2155-474A-A455-FE6A583503DE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5C289DA0-2BC6-4E84-BB88-68223869FF13}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5C2B596C-2136-41C4-93F3-F4FBA45708B5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5C35B4AA-8B82-4A25-B040-1C099A7A72CE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5CC324AC-D12A-41E8-9B77-096A6036CAD6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5D4D8728-24FE-470B-A9EA-AA27E27FBB62}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5D6E72A9-1D66-450A-820C-810668C5AB89}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5D775067-4783-4E18-B4BD-E6E1B0B01645}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5DB89185-E7B7-49E3-ACB0-82BB97AD8E59}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5DD1F072-D3FD-4D47-99AB-ACCFFB5130BB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5DDB1DF7-62AE-429E-8D32-C67502B9D537}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5E822A3F-3688-4FF7-856F-0237CBCDC749}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5E9FB0B4-6130-40A3-858A-88140D4A016F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5EF0A78A-A2F2-4015-B8A6-52554CB791B5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{5F2E4DAB-9A2A-468D-B450-A76C14671AD9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6106A42F-FE87-49C7-BA3E-5FB1BAAA4C91}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6212DCC2-FA01-4B1C-A6AE-815F3E73325F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{62707DFC-22B0-4BFE-87B3-B9A265A91DEA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6277498B-6835-4D62-B73A-30264944C861}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6324ACFB-A364-42DD-86CB-6FD622AE50DE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{632C3DD3-5EF7-407B-9C4B-C72B318E8820}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{63779810-D9F8-40F2-8A9D-26F8F373D4B9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{638C7B8B-F833-4A63-B7EC-30F2C556205B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{639DC56C-EE40-44A3-A6DB-48BB2C8DD6CF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{63C322B7-75B6-42EA-ACBE-EA1703ECBC26}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{64C6759B-3096-4D10-A9A5-C200CB249B12}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{650D05E0-3687-4158-BAC0-9334E3956217}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{659E5C07-5C81-422E-982F-76F0C6C76D1E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{65D55836-A0DB-46A5-A240-E6113CABA914}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{661545D1-E925-462D-9560-560C8D50B40A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{66540D99-E993-4C2D-BA73-769D07E49E15}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{666F7D52-C06C-4EB8-9475-FF0BDAC7277F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{67676AEE-3F94-481A-950E-925CD2D8EEE0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{67C5BC93-294A-4E8C-AC4B-E5E6D5C83F7B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{67C9734F-2597-4E92-81A9-FF46852A7FD8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{67E99194-9654-46FD-9FF8-3A8EF15CED4F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{67FA5660-6262-448A-AF11-3806B21A0D04}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6808C353-4089-4C70-8A13-879860EE4DB5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6857F17F-524E-4F72-AA0C-167D90479ED2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{68806340-CC99-4588-878F-655DEE88F4B3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{68911087-D8C9-4FD1-8176-7FB3C005667D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{690DEC24-DD0F-431F-AC3B-885DECE7FF81}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{69252517-1DEA-400F-8A3C-3F7A1835B784}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{69A1E622-4C95-4C17-BEE5-695CD55F2BE2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{69F19B4B-331E-4F5F-84C5-C53DCF96A956}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6A108AE6-6D3C-4ABA-9365-A5F8E044CDB5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6A5021CC-05ED-477B-9AAB-EF9EBFE888C1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6A6FC6C7-ABAB-4D97-B73F-8699C57FA03C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6AE3DA27-4673-407F-BB55-0D28F04F25A9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6B9E2290-53D3-40FB-B701-3FC59293E90B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6BAA8D6B-24E7-455A-ADB2-33EC4DCDE747}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6BD716AE-5830-4E9A-87F4-270F294B2227}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6BE5F363-6789-4B20-BD3B-491A4D635045}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6C148E6C-DC93-4CA5-84D5-445898D3BEE5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6C4238D1-4CAC-4840-9692-E339D43C2A18}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6C58DC0C-2C1B-4771-BE91-AB4E9E5DAC82}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6C7C1AF5-1113-4EBB-8811-50F98B85B30C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6CA8F7C7-5340-42E4-AC5F-EBD61A719E6B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6CCED6A0-B2C9-450E-8011-70FD7025015B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6D9A14AF-EF5C-4A00-8646-B9B7759553B9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6E6F6835-0DA0-498F-8158-6BCFF44FA87A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6E8FBA16-FF87-42C9-93E6-0C941D8DD665}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6F20DE9A-8603-48E6-BF70-064A7323E9CD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{6F3D0D9B-F9D6-49A4-B9C4-24E25497AD23}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{70086CBC-3391-4EBC-AA6D-1919E92E9A1A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{700BFF87-C148-4909-BCD5-9B11F62726B4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{701ABBDE-69E1-438E-985B-C39ED9CCF11A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{70635E2E-3AC9-42D3-8300-1ECA0609D1FE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{713D0932-9AE3-468C-8306-C7A425CFF72C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{71943708-5ED6-4391-A8BE-B215F35E104C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{71AAC8F7-4882-4757-83E5-90F10A2AF923}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{71C109E2-A418-4BEE-B413-15D02083B347}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{72154209-B80A-4C0A-BB71-762A442CFCA5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{726CD78B-EFA7-442F-B034-056011373901}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{729AADCF-1775-40D4-BBBE-7C2E6A5CBBBA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7310E0D8-FA01-4A5A-B7F8-3717FC09A9F0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{734BD171-1EC9-48CE-A88A-518D99DDAAFF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{736111D8-C526-4C93-8AA6-23B0056CEB2A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{73C86FF1-4649-4153-929F-729C4A828835}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{741BDBD1-2FE1-4CAF-AA0D-146C5F161DC0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7426E6F6-5BAA-43B1-BE15-C9EC99D6000A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{74717F6D-B55D-40C4-9E7E-D64FB8480BD8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{75229BC8-3715-4FFF-9B14-E263A0945C09}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{754965B8-6473-468F-8C75-5D2F8FF17937}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7559CF24-3668-4371-83B3-970DBB909130}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{757F9C8A-655C-4DFB-A240-1523B10D61F2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{75A4F196-B1D5-418D-8C26-6502C611AD4F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{75F06620-212C-4347-8912-A5AE9A7AFD76}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{76187244-F489-482B-AAE9-77DDABDE9B3B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7634103E-BC17-44EE-B936-FA2E47A0E9CF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{763856C6-F3CB-4C91-BFBC-85C6DD10B3CC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7682024C-18F7-4384-9279-0E9F722E81CE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{768690D4-1B4D-457A-8142-2A591BC7CD9E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{76C22769-2993-44FB-8F2D-B5D0A5AE937B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7701E32D-5FFE-4674-A8B7-96E59207552F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{77503A08-EF01-4F4F-939E-2DC9D5A957CB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{778D38F8-6ED0-4F35-A6A4-8813DE0E6509}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{779BD112-74C0-47A5-AB50-6C20B5D836A3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{77B41D72-8435-454C-B5EF-5CB9164F5AE3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{77E1E3C8-47AB-4D71-8999-BD9DDDCC4E5F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7802A612-01DF-4F27-8632-F7A80D5FB01B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{787FFA82-5444-4425-8118-FCC377F62B78}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{78B3D24A-E2C0-4373-B1CB-0A344EE622E7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{79EA3FCD-1BE8-4E2C-BDFE-6042BC2DFD5D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7A61E4E3-5D66-42CB-A767-2B928CBF05C6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7A9FEA45-3192-444A-A382-E33F9BACA2C2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7AD609F6-CCB1-4ADD-8FF8-6E0329C1A699}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7B7A6789-5DD3-4D99-A792-DEB13C85CC95}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7B7A693F-7D36-411E-A2DA-DF9DEEBBBFB7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7C165032-425A-417C-8ACA-CE867FC1403D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7C67C31E-4935-48DF-B7C3-870D18C0E8D9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7CB0095B-6212-47D3-B81F-E76DDC75AEB0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7CB3CD24-E16F-4AEC-A401-3FAB295922BC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7CF3875A-371D-4368-BF77-17F3F4219409}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7CFD64BD-1E98-42BA-915E-F18F3088DE94}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7D2983B5-CBEF-4F66-97E8-D9B8874E4D06}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7D7A45F5-CFEE-40BF-85E9-C022B40AE274}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7D9CCCAF-2FD0-4DBA-BD2D-29DE2C082F61}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7DFDDDF2-BF81-43D0-B99C-67BF9C99F4F2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7E08872D-7373-4258-8F97-636511BA5581}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7E2A72A7-13D2-47F8-83D9-982755E516D6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{7E3FB026-7DC3-4233-8AEB-4287DFDEEE41}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8002865B-0D3E-45E9-9C01-72BCF76FBF09}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{80122364-EB38-411E-87B6-DD0AC3A1F10B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{806CDC56-4779-4DCC-9BD4-884B323E4DF7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{807C06CD-A71E-436E-B7AE-DC98D00FE36C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{80E461BA-40FC-4CCE-9584-D5E47645C880}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8109271B-2708-461E-A4E1-68C5FC01FE14}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{810A1F70-4394-431D-AEE3-C346E2144885}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{814381ED-9E50-49C5-B7A5-D4037E7ABF69}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{817C13E1-21D0-47D0-8483-2E97556B7DC2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{818D50A3-02AC-4177-99F0-1CA775F7C2C9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{81A983C8-19CB-4403-82C8-163EFEE618A4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{81D1DAB0-61D1-4D67-8D93-BE43115C5887}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{81DD6869-830D-4E0D-B5AA-C429ED537228}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{81F147A7-343D-412B-BD80-C81791C78657}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8222B8E0-DD7E-456F-B621-4641C09E7CBE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{82D96C4E-61F0-4CB2-9333-E96F703CF2EB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{834EEBF2-AACA-46E0-A8A9-C15A9B416197}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{83FEBF0B-6A24-4BC8-880A-8A4B2FED855C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{842CDB28-93F1-4CAF-960D-76A222D54D3C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8450748A-1817-44F7-BB04-66AFF0979CCE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{84525B37-68A8-4AB5-B013-1B8BB37C008C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{84D833F1-5C1D-4625-8CE3-D4F523120B3C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{84FFD680-F4F9-4766-8B38-AC106993C061}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{850B3473-234B-4C22-AF11-552508C9952E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8522EEC9-B1AD-4A31-9068-40CB5C0E3EFE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{855EB1ED-EE6C-4B24-9707-AEC7CDBFF466}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8581154F-4ED3-4CDC-B733-B3BF40FB6EA3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{85916747-FD26-4AF5-96B0-21D8C8F468A3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{85EA437F-CF9C-47A3-9965-D4D6FDB0B26F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8610150F-7D4B-4A9F-A477-2869019D9403}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{862265F0-690A-4E9F-A809-28A87A7D48AC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8642F33D-D3CF-400D-832F-C6A1EFF841CD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{868C1327-03C9-4B9E-8A8D-8A440454CFC9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{86ACF132-E8B9-4ADE-9816-D2B7F0BB2853}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{876AA544-70F1-4427-B36C-81AEC5443202}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8A44C821-96C4-4DAD-B2F3-9A1C449D9F1D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8A65C481-A9D9-49BF-A34A-D9D86A9FC607}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8AE10E25-A340-4683-8E49-58B2FA39846D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8B2CB58B-462C-475D-8B16-53453CCC9E16}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8B3A1BFC-FB40-492F-8744-0BE08C6A723A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8B750D22-46AB-4BE7-AD92-A7966A508B0C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8B75ECA3-F666-4324-AEC1-3D229227E2D6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8B7626E3-1CF9-4C5B-A7AE-D4268C956E14}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8B81401F-F4E5-4E35-85D7-F0E4185EAC2B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8BC8A812-6080-4EBF-89E3-FC0D35B66C9E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8C0E143C-3F1F-45AD-98BE-30580BFED75D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8C88E408-B06F-4117-9C6B-5F625084851F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8C9629E4-B9EA-4F59-B670-5089C5514C0B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8CC21BD5-6225-48BA-AF2D-C5D79C143CFC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8D2FE5E7-492C-4334-819D-D8845DB22122}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8D3D1F64-1A31-4F84-B8FF-1B67409F80FA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8D8DA816-DC1C-4ABC-9B22-8CFA80BE5473}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8E1F43AC-FE60-4D79-9391-8F24D02719C1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8E742759-B37B-4763-8109-B8622D9298CB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8E951C32-5017-4567-AE71-97BC64A22C5A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8F71E00F-E4F5-483E-BA42-90032CC4A060}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8F7BD6A0-2BF1-4B3C-BC58-2ACFBCECF3C2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8FB2C667-96F4-4527-BAFB-DFBD3A6EB601}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{8FFBCB3A-3D12-4E77-B185-6EC1ED1C45B2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9007ABBC-6FF2-4BB8-8487-88376619B501}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{90B95132-942D-4F2F-A24E-D1CDD04CAE6E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{91965562-8262-4C30-AD11-52B38F4E271A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{91A1C7A0-245A-4EA5-924D-6E70818CECBE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{91DE2FEF-76ED-4FD5-A67A-E7F87463D246}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{91EA818B-37ED-4832-85EB-1A5694A5ECDC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{934C1EC9-E2B4-4D36-A798-2454FE838E54}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{93E76B23-DC98-4200-9D40-7A0F22505105}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{942C997A-8D66-4D3C-B3EE-D545E82287B8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9431AA7B-5C84-4B36-8E1F-87950B3539EF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{943676B0-0AF6-413F-A24B-3CCEF4C1633E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9439FFEA-E4A7-48DF-B16D-032C6B0FF26B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{947ED6C5-A521-49F4-BBF8-9A01C34062BD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9487A901-F23A-4C39-839E-656714C86E31}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{95187D3B-DAA8-4D14-9786-09ADC87BB364}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{95551082-0E3A-4CBD-B4A4-9DFEB8C7B4DD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9556538A-B5BC-4FFB-A0E8-52467D22C98E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{95758236-1362-4ABE-A1D3-4940DBB86E1E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{958CAE67-AB58-4A0B-AFED-D42876946A27}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{95A1B195-4A81-44B2-8328-A13853A340DE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{95DAEB6F-28AB-4011-A29A-4844F8E5CC5A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{964C8E5D-5469-466B-8028-7DD9AC7263D8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{966D530F-BEB1-4812-9D13-83F31478F0E0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{96DFB8FE-AA74-4A5C-877D-61CC31FA56EB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{96EE9500-2110-406C-8B29-1812C8DAD7E8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{970F6A7C-9EBC-4FD6-AFBB-3548C7FF9496}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9737109A-E14C-4621-B542-86BD496D692D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9738D988-6195-49BB-B316-C4C781908988}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{978CC28D-7487-4968-8681-4C6854078B0A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{97BFD76B-FF63-4280-97A1-FA00FDB739B2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{98A8A1E8-F8B4-4E4B-998B-2F7D079C4B0F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{98FF33D2-2FE3-4DA5-B678-7950F2C73555}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9916EA97-FCDC-49E8-A29B-9F6744509E9F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{992B16C8-F7CC-4491-9AFF-D99EC023C4F4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{995C80D4-9632-4E33-B926-015267CEA2E2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{99754FF3-1924-4CB8-B63B-6627CF43105D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{99A9A9CD-27AC-4758-94E7-591E803F4A43}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9A09CCC9-4B22-47B7-9C59-930BF34CD040}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9B10870E-3097-46B3-974C-95346391CC04}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9C2AE8F1-7F5B-450D-BC25-1796F309C5B1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9C5E5615-3B77-4366-B126-E4AA9CFE694C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9CC8D174-FF6B-45BE-84E9-556A8E263CF9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9CF748DB-ABAE-4DB5-B0B4-F6614715F433}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9D61E619-38C3-49A7-9D0E-3347F6774256}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9D8736D8-2D70-4C4A-AFDA-6FE83BFE9B96}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9DACBCED-2303-4800-B666-CBD1DBCAC1B5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9DCC058B-E39E-4AC7-8157-2927926AA49C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9DF0206B-89CB-45A4-86A8-B83EEB213D18}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9EE27B0A-A682-4176-8859-0E31E5711C9F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9EE8E482-9583-47D0-A87C-2F302A30C042}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{9F2E8FE3-8C24-41DE-ABB8-DF2E115BC965}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A07EDCB4-568A-4267-A437-944687B93220}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A140B0AD-04BA-4AB0-B925-F57D1B1076D4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A18AC677-8FE5-4E8A-9A4F-2C9E98CB347A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A197F194-AEF8-4665-808C-7A851A6FFEC4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A2533175-D46A-448A-B8D5-494A1A40D8C7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A25FF71E-DA38-4585-9F15-19670F3C6AAE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A2693348-2415-4D4F-9321-A9AB56A15B10}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A2E574CA-2A2D-4469-B6EC-976983B6FA35}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A2F9B42C-F467-4948-A6A3-8D752D40672A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A35BEA2C-D34E-47D7-B444-8D8980169AF2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A3A44427-8AE4-4995-8567-F1761F00B90C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A408AFFA-0C45-4F6B-9010-5A68AD3E5E1E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A45F6516-2005-485B-B7E5-067659FC296C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A47937C7-461D-4573-8278-D0DEF9044FF6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A4A5EB63-126C-41E9-8246-8A9AB277FD7A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A4B410D9-7EE5-41A0-8F68-8B0F2D7B5A50}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A56FDD0F-0337-4318-AB9E-4B63C20420EC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A58D5851-0399-4C3C-AC9B-9E5CF6AD4DE9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A606B227-AE1D-492C-ACFA-C4FA09DC3720}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A60C0397-0D52-4558-8D9C-08FC4F13D622}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A633535A-9C75-4EA8-9A8E-2F95E51E5425}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A648234A-FEBC-40A7-BC07-84578867D732}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A6894798-E224-4727-9A7D-96DA69B08998}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A6D27031-B41C-4330-AE1A-7B9B152D4ECF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A700E4E5-9BAB-48F7-91CF-14103DDA2DF6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A70FF2CF-1E68-4F10-92F0-8F92FD660EBE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A7522B5A-C14C-467F-ABBB-61735F457B3B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A7C1974D-A6FB-46AD-8B71-FCBF8DCBAD24}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A84D33C6-57E0-49B6-8EEF-67F34A932DCA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A86ED54A-CAAD-42A9-A068-5D1E711E715B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A89A52DF-1B94-4524-AD4E-4C4CC0BDF458}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A8ABE749-5B86-4CE9-A3F8-07B8AEBA06F1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A8FF416E-D3C1-441B-A134-58E9C162CBEB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A94EF875-DCC0-400A-A43D-605A43C82A45}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A95B1DDB-1F00-41A6-8EAC-659A063D81F1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{A9B816F4-3B84-4781-9C29-F021091A4294}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AB370D30-931C-4531-A33E-185B398FF430}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AB6D6707-83D2-4F13-B504-6CF8FAB282A3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AB750317-EB85-408B-AD4D-A594A9E37B0A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AB968AFB-3EF5-46C7-B267-5627AEB7A4D1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{ABC0F377-1146-4F8D-A2F7-4F1EA8907A42}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{ABCB4670-D52C-49BD-8381-B9EB0FFAA250}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{ABEC21EE-0E9A-48C1-94B5-207584CA0272}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{ABF3B88E-B444-43EB-AF87-67DA5C10A880}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AC2DD14E-CBD4-4C21-B136-184C92FE2694}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AC6D7004-D7A5-48AF-BB74-6216D8411500}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AD257CCE-C103-4F79-A58F-57DCAC87BCF1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{ADF08929-7312-4E82-8C54-FC48A200C253}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AE85BC34-F252-46C9-B02A-5772B3E5EEE6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AEEECE6F-217C-4801-B111-9645330ED1C6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AEF345D9-519A-4541-9319-7726A6CBA1B5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AF2194C0-BAB3-4356-9980-83680204EF24}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AF2C3F94-3244-48DC-A951-7C2994C08BCF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AF2E35F9-2288-433F-915A-22673D139F29}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{AFDE84AC-659D-4CFE-A0E6-78FBD2B528D5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B0C268E3-96B4-46CB-8A5F-7887CAEB893C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B0D69EDE-8465-4B83-92A8-0C11F3C03EA2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B13BCB00-EF40-4324-8910-14A0B5EE3586}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B16C7C7C-44AB-45AA-A8F4-CF0BCEDB6AE2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B1A989F0-A6D2-4FC9-A5CD-059C37B8C384}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B1DD525B-BFD2-4376-BB52-B78C73696794}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B1E075F8-2DA2-4441-9EB6-275A6807C139}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B1F08D0B-94CC-45CA-ACB6-A72B3C52BAE0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B21E4800-ED45-4421-9D57-0BE9475D6FDD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B22498D1-77B9-42CE-980E-2F15127A28A8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B2359CB3-6E03-4CC4-BE85-5F7DA9C21478}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B34DE5CA-1893-4C86-929A-7A35CC083687}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B37E4713-32CA-4706-8DDD-E54740C4CBE9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B3FB30B7-6FA5-4C7A-90FE-AA41336ECDFC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B40E7E4C-C7C3-45B5-A2F4-FE650579812B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B438527B-B7E8-4C7D-8AD0-713C7FAFF444}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B4E8D77E-C9FD-4963-9126-B0714625A2EC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B546E3FE-2A48-49F8-A68A-559CF4EB2C55}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B5981EF4-9FCF-45D2-911B-2E19A3B9A48D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B60A4899-09D9-4301-8F44-8CF20F971564}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B650BFF6-1EE9-421F-A37A-9893E6BB1BBA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B65BC451-A80B-44E3-BC09-48009FA5DDA3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B6E1F121-745B-4FA6-BCD1-D9F10F3066A3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B79FE621-77E2-4C6C-A60F-1B782CFFBA45}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B7B4F1B8-A4A2-46C6-A9C3-8FBF34EDC473}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B7C5253E-FD22-4843-8969-9B9E66E85F46}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B80956DA-8621-4C2E-B8DC-F4C5EAC2100D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B80AF208-2248-4823-85BF-D4BF46CE309C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B80E08C5-76AA-4C59-BAF3-2972B64F92F5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B81FF2C6-FE0F-478E-9040-DF8A390DA446}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B8667179-5A35-42C7-9710-D597844216F5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B8885F2D-FB4C-4518-83E0-A5D8DF8A6318}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B8AED3A1-6AA4-47B5-8474-8E4F4E5E5419}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B8EEC9A6-0B8C-45C6-BC91-F14071A77B80}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B9081EE2-EF35-4F21-8A0E-456F65DF2781}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{B90B072A-ABFF-4526-A9D6-9CE546CD41CD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BA7E0727-8DE6-4D46-AA12-4572DFC6CD97}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BAB763B3-CBF4-4913-A7D5-6BCE312B6FF5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BAD4B816-1963-4BEE-83EA-6208F2658F36}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BBF2BFF7-FC3D-40E6-A70D-352BE3090854}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BC295DD9-3E91-425F-B2F4-3F2B6F1FCACE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BD0C3F25-DD55-4AD0-AB08-1422BD937ED8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BD6C5D1B-09A2-43B6-AC6C-512191A4AC5D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BD7FD897-6AD1-42FF-B32D-5BE1C590F904}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BDA08EC0-AC0B-45CF-B4DE-A1241066BF55}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BE0A87EC-D7F7-47E2-8E38-4A322071E03C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BE3E2DCB-07D3-4419-BB6F-E5794581F5A8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BE529BCF-BC26-48A3-BE07-7570D0BAEB7E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BEAF6313-3C1F-4D0C-89EA-9FC0F2CB97B8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BEC33A55-6EAE-4F18-8AAD-8EFD2CAD2986}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BF1EE9E6-24FA-4269-91BA-7898DA76805D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BF217971-E6AC-4CBD-96BE-A36A3B1EB903}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{BF7B6A22-FC8A-400E-8F03-BBC92B8671DD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C0A14A3B-3530-46E8-8576-AA074D2854DF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C114A51F-636A-4087-B17E-CBBBC461755F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C1415099-B8DC-4687-BB31-15A9F3B67E1E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C148C44C-0245-4AFF-9DE0-B4D4DAB1FD83}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C1839F3A-B0D5-447F-A69E-CC9824344D1E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C1CE6638-BE4B-480E-9AC3-DE5DACC575B2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C1D7A628-5973-4F27-821F-5CF443B26B7A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C205A233-143F-48A3-88C6-40E5E380187F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C20DBE69-AD72-4B7E-8B6F-34297CA4C084}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C23C410F-E7C3-4644-B19A-DD7E1B2DF4D1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C2A954C5-A631-45FE-98DE-D3F56EFC5688}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C3512884-5D3C-4AB4-ABC1-76AB55C5E0F9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C41A9D36-3A0B-49E8-AF9D-AFC87F778F31}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C4758262-444A-4461-B42B-B6313FEAEE08}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C4CF8D83-1A53-4E01-AF82-C7930EBB4EF1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C575623F-1C54-4B3E-BB71-C4EA0278A80D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C5AA7CF1-ED57-452F-91BE-AC3707F7F0B3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C5BBB235-323F-4F0D-B46C-80141A8B2947}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C5BFDB15-3D4D-467C-A6BB-4E4137F1AFD5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C5C2646E-0867-4757-A648-477D0C5B2CF0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C5E3F6A9-149E-4A88-BA41-B579D54586C6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C605B3C8-6160-4E0E-9575-CE8E76041A41}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C6473A82-25E0-4CBF-A927-15B42EB108EE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C69BFDFC-0AFC-41F6-B839-CE444649024D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C6C14027-A4ED-4C81-9F07-5A8057A5E97D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C6E93D7A-E68B-49BE-AE22-5DA1945276A4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C6EDBFC6-899C-4FFA-8345-A17CFFF98EBE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C71E00F8-9921-4C8C-B806-123DF132DC1A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C74197C4-737A-4C5D-B666-87D07940B2E5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C7C3E42F-CD75-4DBC-86F5-DE619827E221}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C8209FF8-63D3-48D9-A208-5265850AFBEF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C82B7710-7E89-45C5-A180-CED28F172BA2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C861E396-8F6F-40C7-B353-3EF7FFF8380C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C870FC91-80E0-4260-8862-C17B871737D9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C8F2D82C-2D14-48DC-9661-9FA2FE7D9F6C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C972A1F4-225F-4C48-ABE8-46D548F26EA6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{C9E95AB9-F595-4C15-972B-CCEE5294D214}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CA0DF3A0-8F71-4589-8635-723CC5096327}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CA369210-391A-47C4-91D4-723022B89372}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CA9F63D4-17B0-436C-BD3B-6CD1A0231934}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CABE1C12-D6AE-4A3B-A302-ACAF0C99FB87}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CAFE79EF-4E8C-4CFC-ACD0-5612FF67D80E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CB21C18B-0D76-44DB-B224-FFD708EA6559}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CB270704-91F5-4C12-B1D9-4606DD77C48D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CB2BCFCB-5468-4D1E-85F2-A922E5A3FB33}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CB2F4564-75D7-4EBA-B8FF-19451BAF37C3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CB55F36C-8886-4E6F-A4B6-27266EF271BA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CC03FDBF-6CFD-40A4-B23F-5F5CDF79D93B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CC30C688-C46B-4444-93BB-F18A0BCCDBB2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CC3102F5-1C4C-4B4E-A1A8-572AB51AB3F8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CC962543-F294-4023-925B-3539B4C9E357}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CCA15864-23C4-4430-B699-6FBE69BCB503}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CD104C9D-B7D3-4D2D-8294-8680757AAB42}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CF40967F-9586-43AF-93A3-6D1F2DCEBB2C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CF8501E5-2F98-40BD-97DE-9E167224A444}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CF8D6B01-99EB-4538-954D-8F22E2BE9F6A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CFBF96B6-11C1-4BA9-9FD1-120E53D0A5A4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{CFCE658D-6252-4004-94DE-C28C33D1C3A4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D0287969-8BEB-4056-9771-145F6D64A50A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D0733EC3-2DCD-4496-8C5B-25C0B35A339B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D1B9C389-3D88-438E-BEF9-CC580901CF37}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D1BB3843-27B1-4C1B-A1C1-6C9A2CAA626A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D1E2EE53-6D0B-4EA7-A030-75B576852EE7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D239D9FF-D75A-4CED-9113-3B2727116447}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D2835197-A303-4A58-868E-061924262F20}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D31B0FFF-E90B-482F-9431-134DA8F57E15}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D347FB0D-02A8-46B6-8D89-07C493A845DE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D3E14E60-7A5D-4DAD-A3F1-D1AE1CBD5128}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D3E40CEB-F7FF-4A30-8894-264568B96E96}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D4EE98CD-712A-4993-B025-029D3D64B1B1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D5819C11-A0A5-45D5-8379-5F72B6ED870C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D61FE4EE-7D05-48CE-8349-1A76E5D3BDAB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D682BE71-EBFE-4B04-9316-70D66E9571C6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D68426E9-3230-4920-BF05-61CA1BF9BD5D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D69EED4C-ECE6-4BBE-BB1B-0A5865E4CE90}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D70AA77F-0756-4CC8-9982-E526B3AD70BD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D743E688-E4F3-4981-8F18-6AF239883C39}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D74EE0A1-CF2D-4B66-8E17-1623522B4C2F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D7D546DC-4CC2-4F6E-BBE6-54158E0E912E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D7EB438E-1CBB-471F-BEB6-1A2928E49D18}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D8325BCE-213C-423D-9E11-2E420BC6CAF2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D99D9B94-49F4-4873-B4CE-FF9E85F80D67}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D9C092C1-E497-4090-8801-3D6FC86DA435}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{D9D6FC9A-AD93-42BF-A443-4A751737FB4E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DA24D66D-E4E1-45FE-B503-2CD9A660F483}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DACC2AFC-015D-46CC-9243-C4CBE6B7CD6C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DACCD880-1588-45FA-AA14-559DF9F6289C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DB7457AC-6169-4325-B369-BFB474A42FA5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DBB3A81A-0A2A-4B9A-8EE8-F1017238BDCA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DBB45B6A-ED92-4E45-A82C-1F55CBB0FAC7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DBE343D6-BDB1-44F1-B8D9-FB58ADDABEF3}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DCAA623A-57BE-45C6-8E13-4BD7C695BB1A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DCDC78A5-D4C6-4260-9D3B-C323A988C546}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DD0A8BAB-40F4-4399-9EF6-EF8E1ECFF3B9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DD177F72-AA28-4580-B099-E4F1C8DBEB35}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DD36A7B6-E6D9-48B7-9F72-61DBFFACFBB9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DD81EC80-DF07-49F0-915E-9FB68B252990}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DD9363ED-AA04-4B22-820E-CE86706D7543}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DDBA7187-960E-4678-9C82-7F1058527804}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DDCE21C5-D760-4603-9AF6-FAFA16F68FF9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DE347EE0-3B3E-4788-8D51-2217522ACF35}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DE4DAAC8-559D-4ED9-A6B5-507482846760}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DE7A41BA-BE9E-4A4A-A8BD-9163F9FC93CE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DF34FF09-6EFD-4DAD-8BCF-368E07BEC214}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DF448996-1241-4261-9A08-526820A5F5E5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DF6782F3-DC04-40F9-880F-3D5070E376EE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DF6DDD00-04EB-441D-8CEE-ABA15F540E33}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DF74D9AF-B17C-4F2B-A71C-A1857D074439}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DF7B7B4C-E326-4806-95A4-E0367A4913FF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DFA55ADF-D4C2-4F81-9196-CEBEF78D4116}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DFB34C57-5EFE-471E-B24B-D2B37D5D77C6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{DFFB53D0-77C2-49AD-8629-34FA4BF8ED33}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E0077A66-1D39-485A-893C-2A4CD8CB9CA2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E081612B-328A-4E37-A55E-AF1B35934180}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E0BC2A9C-523A-49C1-BC8A-7E5348672ADF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E0DB0163-79CA-481C-AA0E-499C61C18433}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E15C5258-356D-40D2-B06F-B3104DCC5CB2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E1A00AC8-D49F-4AAD-A2A1-601F3DC2AF31}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E1E366E4-EA86-41F8-9B0D-CA9B17B8EBDD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E210D78D-4FB0-4DE1-A151-15E49D2A08A7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E2D8BAEE-6261-435D-ACEE-AF51E8DB6A20}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E2FE4F43-4D1B-404B-837F-8BEFC3E91C12}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E325AFE3-28E5-42A8-BC4F-8D87572382FE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E392E359-9ACE-443E-9285-48DF76C7690B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E3F65324-EFC9-40C7-93DA-0945E3B2BC2D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E405F666-BB49-43DC-8619-2624DDEBFC69}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E40CC29F-AB5E-4B07-812E-999230EDB5A1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E4C5FFC7-14FE-4EA7-B1C4-480CFDEA716A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E4CD579D-624E-40C0-A917-B32E91DEC3A5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E4CF910E-9563-4A40-BD4B-7CA04BE72701}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E513FE32-DDA5-4E69-8684-A6CDD7FA75A2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E59D2A76-6E67-4AC3-87C4-FABF4ABCEF70}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E5B6023B-3AFD-4963-B1A3-9834B1C80067}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E6530C19-E940-4FB6-BD53-30145A894E8A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E6CB473B-3E77-4730-BAF9-D122824B45BC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E7190D37-AA3F-4D71-A38E-C98922454B2A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E753E86F-A331-42CD-BA9B-9BCA51FE5D36}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E77E32F0-84CC-4A80-83F7-8A2C7594041F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E792B155-F66B-4FD0-9B15-8F71B5830976}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E7BB2F77-56FA-405A-BC8E-DFE7DCB6706D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E7E5CC8F-8250-402A-B3EF-29024D236B8C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E8046BDF-D29E-4834-8B33-F1CD7521973E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E84B8E86-7B4C-44D1-8D73-A40D598BD9F4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E896AAE5-7268-41EC-9BB1-3B7A888CA20A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E89E021D-EC14-4385-B61B-7C770F37281D}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E8B35BDF-384E-4680-A5DC-35E2EB17276A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E8C7C372-F582-4F32-8C5F-3EE645B9B805}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E8F35104-EF83-41D8-8A44-C7AC5DD1B600}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E93F4F6E-5EFD-412F-92E6-A9564311E795}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E945A6A2-A42D-4A6C-9DAD-3188D1F2EB45}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{E99C06BF-B703-4BD0-A36A-6B0902F8C70F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EA13F108-6653-4EC4-94B3-623FF2413817}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EA5DE00C-B7B6-4925-941C-739B291371ED}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EA6F2BB1-F817-4E88-B741-7466C3D54887}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EAA2A6FA-27D9-4E5A-B948-8FAB32602C65}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EB147284-F4D7-4303-B456-2FF7771B98CA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EB58D718-5375-43A6-A69C-BDA28ED83468}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EB58ECDA-1DDB-4283-859B-5A2335620FF0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EB9EB09E-513A-4B02-87FB-DCF0D6C78C08}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EBAF749B-17A7-4D4E-A890-E3E8857FE795}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EBE38F69-730D-436E-BE24-52810A8034F8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EC41B880-5FCD-4822-A819-F9ACE7526955}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EC456F80-1225-4E51-88EC-A51D51E94252}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EC9A1720-E563-4EFE-BF89-A40733D473FD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{ED76A74B-7EB0-463D-80A0-CCD8CB1B24C4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{ED9D50FA-ED45-4C2D-A97C-25E71CFFC206}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EDBAECF7-B04E-4F02-9A05-DDC52CD4B7CD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EE75FB14-031C-4CF9-8F0B-2CD94F183929}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EEBD5628-DB17-4CDC-9706-1B3F8C92E747}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{EF917151-85F1-4D0F-846B-D66CAD44681C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F0EC0EE1-CF47-4800-B521-901B8D2249F4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F1069E2A-4AF5-470F-A7FC-A639B286B56A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F18C7DB9-027B-45CC-9292-1FA72BB3680A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F26C7B34-CC39-44C0-AB60-4F9B0FE11195}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F2AD2A6A-9A5F-4432-AB1C-253FC8AC7EE6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F3226CC0-43EA-47FD-ACF0-B481FCA8E253}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F342D198-ED60-4BE7-B0A5-C6C4C645ECAD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F3B65156-E903-4D24-8BAA-0426B3D68D39}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F3D0EF72-9CC1-4399-8D3A-886E801C784E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F421E764-7ED4-4F2E-9040-FAA4CF5F9863}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F4886988-5698-4D8C-8C9F-E1CBEBC127F9}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F48FA3B6-9CC5-486C-8A09-FD2ED11140B6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F4B1A908-FD68-4973-A6F1-00F3E1C70CA2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F547E637-C6ED-454F-A00E-5A086AD36553}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F5851EBB-0903-4162-B5F7-72AA6F57AB69}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F5B4F5DA-6682-45DC-9434-CB285049611E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F5D39D0A-EB45-4E81-AB05-89B999CAF0DE}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F5FF12FF-B37D-4A17-8306-6D3297A659B1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F60A1179-F19E-446F-8663-7A4D52FA9BCD}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F60A3625-38C7-4DF3-B2F3-536263D97D47}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F6FA1A60-1E32-4B76-BAF7-39FA48AFBE22}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F7B0A7E7-3DE7-4ED7-A85F-ABED7CFF3222}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F7BF7642-18DB-49D1-88E1-85A0C95FA4F1}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F7FE825D-08BC-45A5-B5C3-85C6FD8B2718}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F8A575B5-C14A-475E-89AD-57AFC6616A97}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F8C9973B-1670-4C6E-8138-A1BC02ABA248}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F8D32DA2-4F17-4777-846F-A75C12DF4BA0}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F901CB2B-6A65-4ED5-B1CA-F25BBC6C29D4}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F912A682-2BF3-4975-89EF-D11633DEAF58}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F938050A-EFC1-4B9C-B5E8-7CF3DECD8AA6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{F9EDFF30-631F-4E2F-A7C4-8E6810007B6B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FA0F11D9-E53F-4B23-B972-8584658F637C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FA538ACD-3029-40D9-A608-D5764D3F7706}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FA71626C-52DA-439F-9AD3-F5301E2C5678}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FA724837-2CAA-433A-B551-1FC8FB627B74}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FA7E4208-46FF-458D-9C6E-79F1F16C8F1A}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FA80A51C-F036-4F0A-B8FA-CD6350D9928C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FA87AD7C-7625-4D4F-9ED2-DC1E507C96E6}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FAC8AF76-86E4-4AB7-8893-AAE87662DAFA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FAF3B359-1928-460D-A560-E6D33714C96C}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FB276938-F627-407B-9BDE-11DBA1F2745B}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FB29CD29-5BC8-463D-A444-50296FB3E626}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FBA59107-2D95-4B6A-A0E9-CC117A28A7FC}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FBC055FF-01D7-4E5C-A990-CB80E69A0D04}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FBFC0A47-E36F-4C2C-812B-8BAE91B9D885}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FC1567AE-A454-43B2-9F73-4195F91DF746}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FC26BAFC-6119-483E-81A0-C3092D2D65EF}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FC42EEEE-AB55-49AC-B764-35978CA8FE87}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FC47D298-BA46-4286-8FAE-8375923777D8}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FC6775C7-46CC-4C10-B65A-ABBEC139D999}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FCC6F4BA-5B05-4A69-92CC-345B05887EE5}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FCD05000-5AD9-4761-A829-94F2FE7859CB}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FD337632-64EA-4A59-AC23-0B9AD0230F5E}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FD614FAB-429D-469C-A643-D608238315A2}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FD8A9C18-9E7B-4A4C-8E09-0DABD478F898}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FDD5361A-87A2-4303-B039-1DBFBB67EEDA}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FE32DAE2-EEC0-4630-AA72-4CD13D49F98F}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FF855C66-58BC-4340-A155-A34BF8947DF7}
Successfully deleted: [Empty Folder] C:\Users\Xychor\appdata\local\{FFA5EEE8-1DBE-42E6-889C-3890068B575B}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2013 at 18:29:57,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner[S1].txt:

Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 13/04/2013 um 18:31:51 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Xychor - PC-JAN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Xychor\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.13.1734.0

Datei : C:\Users\Xychor\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1474 octets] - [13/04/2013 18:31:51]

########## EOF - C:\AdwCleaner[S1].txt - [1534 octets] ##########
         
OTL lässt sich leider nicht mehr ausführen (auch nicht nach neudownload). Meldung hierbei:

"Exception EOLesSysError in module OTL.exe at 000584A5. Das angegebene Modul wurde nicht gefunden"

Alt 14.04.2013, 16:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Hast du Windows nochmal neugestartet? Obwohl adwCleaner das für dich tun sollte.
Starte Windows nochmal neu und probier OTL bitte nochmal
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.04.2013, 19:24   #15
Xychor
 
ZeuS/ZBot Telekom Warnung OTL Log files - Standard

ZeuS/ZBot Telekom Warnung OTL Log files



Hallo Cosinus,

Neustart ändert leider nichts an der Problematik. Derselbe Fehler mit Verweis auf das fehlende Modul.

Antwort

Themen zu ZeuS/ZBot Telekom Warnung OTL Log files
autorun, battle.net, bho, e-mail, error, firefox, flash player, format, homepage, iexplore.exe, install.exe, log file, logfile, netzwerk, ntdll.dll, pando media booster, pum.userwload, realtek, registry, scan, security, svchost.exe, teamspeak, telekom warnung, trojan.agent, udp, visual studio, warnung, windows, zeus/zbot warnung von der telekom



Ähnliche Themen: ZeuS/ZBot Telekom Warnung OTL Log files


  1. Telekom Brief Zeus/Zbot
    Log-Analyse und Auswertung - 26.05.2015 (32)
  2. Telekom E-Mail 'zeuS' 'Zbot'
    Log-Analyse und Auswertung - 01.02.2014 (3)
  3. Telekom e-mail Zeus/ZBot
    Log-Analyse und Auswertung - 26.11.2013 (7)
  4. Telekom Brief - ZeuS/ZBot Infektion
    Log-Analyse und Auswertung - 26.11.2013 (9)
  5. Sicherheitswarnung Telekom ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 04.10.2013 (9)
  6. Deutsche Telekom Brief - Warnung vor "ZeuS/ZBot"
    Log-Analyse und Auswertung - 30.09.2013 (17)
  7. Zeus/ZBot Telekom email
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (29)
  8. Des Dramas zweiter Teil: Warnung der Telekom vor Zeus/Zbot
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (8)
  9. ZeuS/ZBot Warnung von der Telekom
    Log-Analyse und Auswertung - 30.05.2013 (23)
  10. Des Dramas dritter Teil: Warnung der Telekom vor Zeus/ZBot
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (2)
  11. Telekom Brief Zeus/Zbot
    Plagegeister aller Art und deren Bekämpfung - 14.04.2013 (22)
  12. Telekom Warnung vor ZeuS/ZBot
    Log-Analyse und Auswertung - 05.03.2013 (15)
  13. Telekom Brief, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (16)
  14. Telekom-Hinweis auf ZeuS/ZBot
    Log-Analyse und Auswertung - 18.02.2013 (7)
  15. Brief von der Telekom, Trojaner, ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 02.12.2012 (13)
  16. Post von der Telekom (ZeuS/ZBot)
    Plagegeister aller Art und deren Bekämpfung - 26.11.2012 (4)
  17. Telekom verweist auf ZeuS/ZBot
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)

Zum Thema ZeuS/ZBot Telekom Warnung OTL Log files - Hallo, ich habe, wie anscheinend einige in den letzten Tagen, eine E-Mail der dt. Telekom bekommen, dass es Hinweise darauf gibt, dass unter unserem Anschluss ein ZeuS/Zbot agiert. Im Netzwerk - ZeuS/ZBot Telekom Warnung OTL Log files...
Archiv
Du betrachtest: ZeuS/ZBot Telekom Warnung OTL Log files auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.