Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: erneuter GVU Angriff!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.06.2013, 21:33   #1
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Hallo zusammen,

ich bin neu hier und hoffe hier Hilfe zu bekommen.
Ich hatte vor ca. 1 Jahr schonmal einen GVU Trojaner, welchen ich mit dem Abgesicherten Modus und Wiederherstellung irgendwie los wurde?!. Jetzt hatte ich leider erneut das Problem, diesmal sogar mit Bild von meiner Webcam und alles. Auf den Abgesicherten Modus bin ich erst garnicht hingekommen, er ist dann immer wieder gleich runtergefahren. Mit Eingabeaufforderung ging es dann doch und ich konnte mit dem Kürzel die Wiederherstellung erreichen, was aber überhaupt nichts gebracht hat. Immer noch das blöde GVU Bild. Dann hab ich nach Anleitung von chip.de via eines zweiten PCs die Windowsunlocker Version von Kaspersky runtergeladen und konnte es so nach dieser Anleitung schaffen, dass ich das GVU autorun Bild nach hochfahren löschen konnte. Ich befürchte nur diesmal das mein System leider immer noch belastet ist und möchte das ungern nochmal durchmachen. Somal der GVU Trojaner scheinbar immer komplexer wird. Deshalb bitte ich um Hilfe um mein System sauber zu bekommen.
Danke.
Lg
Patros1001

PS: Die Log Dateien Folgen.

Alt 21.06.2013, 21:42   #2
M-K-D-B
/// TB-Ausbilder
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Poste alle Logdateien, die du zur Verfügung hast. Danach sehen wir weiter.
__________________

__________________

Alt 21.06.2013, 22:53   #3
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Hallo Matthias,
danke das du dich meinem Problem annimmst!

Gmer:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-21 22:57:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400BEVT-80A0RT0 rev.01.01A01 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Basti\AppData\Local\Temp\pgloqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                       fffff80002ff3000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                       fffff80002ff302f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69              0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2752] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155             0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Samsung\Kies\Kies.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                               0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\Samsung\Kies\Kies.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                              0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint               000000007749000c 1 byte [C3]
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin          000000007751f85a 5 bytes JMP 00000001774cd571
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                      * 2
.text     C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075ef1465 2 bytes [EF, 75]
.text     C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     0000000075ef14bb 2 bytes [EF, 75]
.text     ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [2008:4028]                                                                                              000007feeea29688

---- Registry - GMER 2.1 ----

Reg       HKCU\Software\Microsoft\Windows Live\Companion\sebafried91@yahoo.de@5b0c6e22da15cbf1c6ec4fda9acf8021\r\n                                 0x65 0x9D 0x2B 0x0F ...

---- EOF - GMER 2.1 ----
         




otl:

Code:
ATTFilter
OTL logfile created on: 21.06.2013 22:58:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Basti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,64% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 69,84 Gb Free Space | 46,86% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 346,38 Gb Free Space | 81,01% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.05.03 14:24:46 | 000,755,080 | ---- | M] (Samsung) -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
PRC - [2013.04.23 06:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.04.06 12:29:45 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.08.08 21:52:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.12 21:10:17 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.05.15 22:19:11 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013.05.15 22:18:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013.05.15 22:18:42 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013.05.15 22:18:33 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013.05.15 22:18:29 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013.02.16 16:16:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.10 14:52:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 14:51:59 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 22:19:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 22:19:53 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 22:19:44 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 21:10:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.09 20:12:12 | 000,605,768 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Running] -- C:\Programme\Samsung\Samsung Link\Samsung Link Service.exe -- (Samsung Link Service)
SRV - [2013.05.03 14:25:36 | 000,405,896 | ---- | M] (Samsung) [Auto | Running] -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)
SRV - [2012.09.19 12:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.09 07:00:07 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:00:07 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006.12.13 13:13:00 | 000,124,856 | ---- | M] (Eutron) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eusk3usb-amd64.sys -- (eusk3usb)
DRV:64bit: - [2006.12.13 13:10:00 | 000,042,816 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par)
DRV - [2013.04.18 12:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {EDCCE97D-5347-471B-B6E1-9F8A0CA542AC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 DC DD 16 5C A2 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EDCCE97D-5347-471B-B6E1-9F8A0CA542AC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=120518&tt=gc_&babsrc=SP_ss&mntrId=92953E4BD6F7B3E7
IE - HKCU\..\SearchScopes\{1ECEC699-83A8-41A3-8984-FE428572C7C1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcphp?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{8144EBF8-1C93-499E-BF47-177B9057D007}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110000&babsrc=SP_ss&mntrId=9295ba85000000000000485b39e8b0a3
IE - HKCU\..\SearchScopes\{89258519-8216-478F-A05C-99A820C7128C}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://www.ask.com/web?l=dis&o=APN10234&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A8B&apn_uid=8251684443204565&p2=^A8B^YYYYYY^YY^US&q={searchTerms}
IE - HKCU\..\SearchScopes\{EDCCE97D-5347-471B-B6E1-9F8A0CA542AC}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\samsung.com/AllSharePlayPCPlugin: C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com
 
[2013.05.08 19:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions
[2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}
[2013.05.18 22:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yrdsoke5.default\extensions
[2013.05.11 23:11:32 | 000,006,505 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\yrdsoke5.default\searchplugins\babylon.xml
[2013.05.11 23:11:46 | 000,001,294 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\yrdsoke5.default\searchplugins\delta.xml
[2013.05.27 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.27 22:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.27 22:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2013.05.27 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.27 22:47:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.05.05 17:41:03 | 000,002,275 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
[2012.05.05 18:12:33 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Programme\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [EADM] D:\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A4FB85-D5F7-4553-BA6B-0F5DC230FCB9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2E411D-6F89-4A3A-A607-EB9CDD0FC578}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{83d609a8-0ee4-11e1-ab1f-485b39e8b0a3}\Shell - "" = AutoRun
O33 - MountPoints2\{83d609a8-0ee4-11e1-ab1f-485b39e8b0a3}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.21 21:57:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.06.19 19:34:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\techland
[2013.06.07 00:04:51 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\The Creative Assembly
[2013.05.27 22:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.27 06:44:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meister-Trainer
[2013.05.27 06:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Meister
[2013.05.27 06:43:47 | 000,294,912 | ---- | C] (rpwSoft) -- C:\Windows\Setup1.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.21 22:44:19 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2013.06.21 22:10:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.21 22:04:11 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe
[2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.06.21 21:55:58 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe
[2013.06.21 21:34:33 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 21:34:33 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 21:24:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.21 21:24:17 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.21 20:50:51 | 000,000,004 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\skype.ini
[2013.06.21 20:46:53 | 017,371,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.21 20:46:53 | 000,735,468 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.06.21 20:46:53 | 000,735,312 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.06.21 20:46:53 | 000,733,182 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.06.21 20:46:53 | 000,730,006 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013.06.21 20:46:53 | 000,730,004 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.06.21 20:46:53 | 000,719,004 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.06.21 20:46:53 | 000,714,536 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.06.21 20:46:53 | 000,703,792 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013.06.21 20:46:53 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.21 20:46:53 | 000,673,490 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013.06.21 20:46:53 | 000,658,508 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.06.21 20:46:53 | 000,653,752 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013.06.21 20:46:53 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.21 20:46:53 | 000,646,766 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013.06.21 20:46:53 | 000,596,688 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.06.21 20:46:53 | 000,499,310 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013.06.21 20:46:53 | 000,484,586 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.06.21 20:46:53 | 000,471,450 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013.06.21 20:46:53 | 000,469,230 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.06.21 20:46:53 | 000,419,388 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013.06.21 20:46:53 | 000,407,794 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013.06.21 20:46:53 | 000,392,220 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.06.21 20:46:53 | 000,382,796 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.06.21 20:46:53 | 000,375,118 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013.06.21 20:46:53 | 000,170,082 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013.06.21 20:46:53 | 000,157,422 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.06.21 20:46:53 | 000,154,698 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013.06.21 20:46:53 | 000,152,014 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.06.21 20:46:53 | 000,151,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.06.21 20:46:53 | 000,149,578 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.06.21 20:46:53 | 000,148,390 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.06.21 20:46:53 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.21 20:46:53 | 000,146,578 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013.06.21 20:46:53 | 000,145,886 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.06.21 20:46:53 | 000,141,572 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013.06.21 20:46:53 | 000,140,194 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.06.21 20:46:53 | 000,138,976 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.21 20:46:53 | 000,119,580 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013.06.21 20:46:53 | 000,119,152 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013.06.21 20:46:53 | 000,114,238 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.06.21 20:46:53 | 000,110,090 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.06.21 20:46:53 | 000,100,230 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013.06.21 20:46:53 | 000,097,570 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013.06.21 20:46:53 | 000,094,380 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.06.21 20:46:53 | 000,093,888 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.06.21 20:46:53 | 000,083,998 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.05.27 06:45:00 | 000,294,912 | ---- | M] (rpwSoft) -- C:\Windows\Setup1.exe
 
========== Files Created - No Company Name ==========
 
[2013.06.21 22:44:19 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2013.06.21 22:04:11 | 000,377,856 | ---- | C] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe
[2013.06.21 21:55:58 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe
[2013.06.20 18:42:26 | 000,000,004 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\skype.ini
[2013.05.17 23:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2013.05.04 13:27:28 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.05.04 13:27:28 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.04.19 16:38:54 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013.04.19 16:37:54 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013.04.15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013.04.15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013.04.15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013.04.15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013.04.15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013.04.15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.09 23:20:37 | 000,000,839 | ---- | C] () -- C:\Windows\wininit.ini
[2012.07.09 20:20:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.04.19 21:49:45 | 017,032,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.12 20:48:12 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\LCNIMP6.DLL
[2012.02.12 20:43:20 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2012.02.12 20:43:12 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\c1sizerppg.dll
[2012.02.02 19:44:09 | 000,032,529 | ---- | C] () -- C:\Users\Basti\rift_gamecard_30_days_89235554_Q4SKHBGD.jpg
[2012.01.11 20:50:11 | 000,059,904 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\skype.dat
[2011.11.14 19:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.07 22:57:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.mono
[2012.12.30 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Audacity
[2013.03.11 20:53:13 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Awesomium
[2013.05.18 22:40:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\BabSolution
[2012.06.04 22:38:24 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Canon
[2012.07.09 22:45:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools Lite
[2013.01.03 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft
[2012.08.29 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Epweod
[2012.05.05 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\eType
[2013.06.20 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ
[2011.11.29 18:53:17 | 000,000,000 | RHSD | M] -- C:\Users\Basti\AppData\Roaming\InstallDir
[2012.08.30 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ivoqq
[2012.08.31 06:53:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Kubas
[2012.12.30 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenCandy
[2011.11.14 19:35:28 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Opera
[2013.06.13 22:04:27 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Origin
[2013.03.07 22:22:57 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Pokémon Trading Card Game Online
[2013.05.18 22:28:09 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\RIFT
[2013.05.04 13:24:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Samsung
[2012.10.26 18:07:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Sports Interactive
[2012.09.13 15:02:08 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Systweak
[2013.01.21 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer
[2013.06.07 00:04:51 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\The Creative Assembly
[2012.07.09 22:45:51 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TS3Client
[2012.03.28 19:42:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ts3overlay
[2012.11.30 21:29:49 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TuneUp Software
[2011.11.29 19:33:25 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft
[2012.02.25 14:41:19 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Unity
[2012.09.04 12:20:55 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\uTorrent
[2012.04.05 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         



Extras:


Code:
ATTFilter
OTL Extras logfile created on: 21.06.2013 22:58:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Basti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,64% Memory free
7,99 Gb Paging File | 6,04 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 69,84 Gb Free Space | 46,86% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 346,38 Gb Free Space | 81,01% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F0EA29-9510-4CA2-8382-9CD823CA1514}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{02DB26D9-5E3D-40F2-8628-BA263E2A14F0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{15784D43-2D99-474D-A58F-70F67BEECAF2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2068548F-E532-4857-A5C3-8419C4A34AC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{326F3941-637B-4175-818F-7B578D366336}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{355D832D-C922-4BDF-84CE-87AC4D057A93}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{36A754C3-55D8-4F9A-BC48-455AD0068EB2}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 | 
"{47C306F7-BAFC-4688-B9B7-3BB11480328C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{526FF5A6-E03A-4565-8D07-56599CEEC6BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{54A5E772-7EA7-4C06-84CB-D4B2F255539B}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port | 
"{5802DD25-4C88-47AC-A1D0-3D2842E4A41E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A897827-F6AC-4ABB-ABD6-61D3E6CB2E73}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{6CC5ABA7-BD1B-44DC-A116-F0C5F44163F0}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 | 
"{6D08A87D-32A6-49E7-A99C-4BD7B8272CDF}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port | 
"{6F6AB699-F242-481D-B11C-4386AAE45460}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{79C3BA46-AD5F-4DD8-9CFD-12330675CFE0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7CB8FFC2-EAA9-4753-82E5-786BC5F9D8B6}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port | 
"{7D703E36-6015-4242-AC25-68D3742C15FB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{830A121B-683A-4352-BBC1-6922ED36A465}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{8AA3A1F8-70ED-4C76-816D-C2387A7304BF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{983A55EF-4C69-4DDD-AFA0-3D7A8DA57136}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{98FAA00E-0587-4AD5-BF5F-A4642E16565D}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{A3B521D6-6923-4566-94B7-5151142CD3D2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A71A766C-57F3-462A-8C5A-B2F395B2F215}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEF8E0B1-8928-4860-9824-AC75D77FA557}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B8D22E9F-F447-451A-8F4A-A5B658DD80DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C064C3DB-DBCF-4643-A053-EED4B284583A}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 | 
"{C2F882FA-4B38-4436-B85B-482F1EAAD9D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CBEC543C-C9EB-442C-9251-3B652A3DD92E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D078CBFF-6B1B-4709-999A-7BCD7EA7CAB8}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{D2C983A4-296E-4BC7-B9EE-36D523450329}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
"{D5972AE7-8AC2-4BBE-995D-85321D75ACB6}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
"{D6D967AC-531E-4B94-8804-7631934B8489}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{D71E4286-536E-41A5-B2D5-03E768EEA175}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D743EA0F-C136-4ADA-9720-E4E35CB4F40D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECEC916C-E69F-41B9-8EC1-D68C1C3ADA4E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EE14011A-0715-4121-93D6-D0037BC97B9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EEAC7889-DE8D-4E43-861F-5BB6DD9994A9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EF27124B-06C0-43FF-AE78-381931831D48}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 | 
"{F1CC925D-5B99-41A9-A5CD-8AC8DC89C58E}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{F4A26989-82B2-4CB1-AB5D-737B3682ADC5}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{F91CD776-0D39-461D-976A-42FD1E2AF376}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053DF62B-EC37-49DE-A760-442DAB2F04F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{06D74078-3FD4-4FAB-B9B2-B9B3FE70B0BB}" = dir=in | app=c:\users\basti\appdata\local\microsoft\skydrive\skydrive.exe | 
"{0D8FD0CA-E603-44E5-87BA-D980BDAACED8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0EB67770-FE02-4A60-9CF0-D0AC90719937}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1A8B66DA-7FEE-4744-BFEA-C6F2F5142197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{200B203B-1AE0-4CA8-95BB-233D728D2BEF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{212A55B1-8751-44FE-8914-99FC9CD089E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{22156B6D-76FB-46A2-9826-EB7622F3A83A}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{318F3DDC-5981-46AD-8183-E61E3368C837}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe | 
"{381A89D6-F878-4CD3-8976-FDCDF5D68D08}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{3CD7EC67-7C06-4E08-8453-491315FCAE35}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{3E964430-6C7C-4E8D-85FB-007B45471C95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3FB0005E-D477-4729-BEE9-CCE967914582}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{409B6526-CB6E-43F8-BC94-3CFD77B49439}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{4D53CF9D-1A82-46E6-9481-37295D0C9887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E9777CE-0A94-4CE9-A1B8-149D1117AE84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{4FAE43CA-B470-4AD5-BEA6-E419476100E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{539B7E34-93C5-4C36-8E60-F37B5D816975}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe | 
"{58CCA3B6-8ADF-4D8B-8815-3F7F97CAAD1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B216E94-4B1A-4DA5-9310-D99FFF94B327}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{631E5A75-4282-4F39-A218-429E2AD99314}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{635C1FBE-2EE0-44AF-9FB6-649001F64A20}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{6A9916DF-0D74-4E29-821E-1DFA1D67FE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{80FD4542-6BA3-466F-875D-9E6A59422A2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83964453-05DC-4E97-B0FB-EFCCC1786C03}" = protocol=6 | dir=out | app=system | 
"{88725923-1B49-4270-8A36-9CAE7CBA2195}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C2C335D-E484-4454-9C78-93D34E92671E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FBEA6EC-DF63-4052-BB76-FAFC32D2FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9446C022-AB19-4358-807D-077500B27B01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{945DBD58-489F-48A1-A512-6A64CD8CC04F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{961D3570-B770-43C6-8975-A1A3E70F3D4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{96867691-CDB2-4EFE-BF91-8C1E4BA2CBB5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{9A576023-0A25-42E8-A0A1-22327DD9063A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9E599731-4FB4-4A82-A07A-0A8C52DF1597}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | 
"{A33E2E6E-335E-4E88-B1C0-C43C5D67F226}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | 
"{A645803C-63D4-4BAF-9266-89736561AEB4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{AE6A74AE-5B04-4BEA-B5C1-B6674395F8CF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{B1D058C0-69AA-43EE-A045-9C61C47BE12B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{B31E57E3-B793-43CC-9C14-6819B7963E7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B44D7052-2BC9-4DCA-9A48-AD2A3313402C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{B824FFB1-0800-41AA-863A-FE80216C9C0E}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{BEC7A533-5244-473B-8053-71D0D43F0658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C34ADF70-5ECB-4B40-92F9-5D60FF9E4CF9}" = protocol=58 | dir=in | app=system | 
"{C8F642A1-BC45-4482-B6FB-D9D0AB5BF721}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C9227157-9F7F-498D-9A53-9ED6987281C9}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{D3094B04-D60D-4D7E-98EB-B8A9FF4DFC1F}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{D75EE4E1-7E6D-401C-8B42-E44D4CD50F46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E50B5288-B57A-4A57-99C2-B323E38002D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E7E0B179-5592-488B-84A8-67AD21C77A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{EF96C670-F0C1-44FA-BF72-69F617E87C8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{EFF7E4B4-D33A-49A8-847D-8FAD675FF8F2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{F17331D5-BD70-4B47-B115-BFB3A91CD8A8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{FB991AB3-1D6E-443D-AECB-322B05219B72}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe | 
"TCP Query User{A06DD0BA-C5B3-4523-8030-58D9916EC636}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{C3AD5C19-9C06-44C3-A3DD-8122D47CFA4C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CDA60A4F-5E6B-4523-9A5B-2B74B24A9269}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"UDP Query User{070D247C-2BAF-4F16-85BB-FA87BC84668D}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{9D24AAFF-712A-4007-A518-FF9A140AB370}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{BC37443F-608A-41DF-BCC8-73C51B575769}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BA8381A-F47A-0A1A-8CDC-9EED42CBF73A}" = AMD Media Foundation Decoders
"{328EAC95-9299-BF47-BDBE-83F94AE07D71}" = AMD Drag and Drop Transcoding
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A762DDE6-D6AC-ECDC-DFBE-E35A0FCFB0AD}" = AMD Fuel
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5CFDA3B-64EC-21EE-6652-0E9AFC41FF8F}" = ccc-utility64
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FC655E43-0E90-4FAC-AF88-7CF8635C6ADC}" = AllShare Framework DMS
"8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B9D184-F3C5-48B2-6DBA-56D5DCD85E97}" = CCC Help Chinese Traditional
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{062BC4B4-891A-C58D-B335-7A6358BB438C}" = CCC Help English
"{0E4545D7-2B4B-1EF1-505E-1B9E512980F1}" = CCC Help Portuguese
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{15DA32B6-4726-AABE-E3BD-761DA0DE4132}" = CCC Help Norwegian
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2764C49D-4BFD-A240-F64D-E11AF855C714}" = CCC Help Swedish
"{29E21CFC-5DEE-6441-AD4A-C15655BFC146}" = CCC Help Chinese Standard
"{2C03DD9D-D28B-9D33-22DA-AB1C007B8412}" = CCC Help Spanish
"{2DE1BCDB-48F7-723F-1DF0-FAB7B4184CE4}" = CCC Help Danish
"{2FF505C2-318E-7B51-FA77-51B9E6F0677D}" = CCC Help Czech
"{30E02033-8A23-ABF8-474C-1CD0C7504659}" = CCC Help French
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43BAB72A-5430-FD3B-ADBD-02105E4AEE03}" = CCC Help Thai
"{492B292A-8A5E-EE0D-5EAA-B303CCB1F14D}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B487EAF-EC47-EDEF-599B-CA45F17DD5D0}" = Catalyst Control Center Graphics Previews Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{59FB5F5C-B127-D725-72CF-D8ECEF40163D}" = CCC Help Finnish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFCEE0F-17DA-93D0-65EE-C280DA539FFD}" = CCC Help Korean
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78482808-3AE8-5650-52AD-2E73D0C6BB43}" = Catalyst Control Center Localization All
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A60C5BE1-9644-01E7-5E8A-5F0318D268C6}" = AMD VISION Engine Control Center
"{A9674831-B5FC-32DA-D7F7-067DB3FC36C8}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B24A294A-5BA2-E73D-2064-80BB7A940102}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BECC92A2-F74A-9003-214D-7F2B059B61D1}" = CCC Help Turkish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1953F1B-F323-B5BC-4513-BC82EFED21DD}" = CCC Help Dutch
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DDB9AF26-1CA1-99F6-A3E5-3D76D6D45BE7}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA217A-9661-02A8-E259-A2702CBD8C40}" = CCC Help German
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EBD2E918-2C91-A25B-DFA8-E9E96673061D}" = CCC Help Russian
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F950EC87-8370-F6BC-4996-1C2A0B486E5F}" = CCC Help Hungarian
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DomaIQ Uninstaller" = DomaIQ
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 3.0.1
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"ST6UNST #1" = Meister-Trainer
"ST6UNST #2" = Meister-Trainer (C:\Program Files (x86)\Meister\)
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 205190" = Rocksmith
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kies Air Discovery Service" = Kies Air Discovery Service
"MyFreeCodec" = MyFreeCodec
"RIFT" = RIFT
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2013 14:24:46 | Computer Name = Basti-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
Error - 21.06.2013 14:31:54 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 21.06.2013 14:31:54 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 21.06.2013 14:32:26 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.06.2013 14:39:04 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 21.06.2013 14:39:04 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 21.06.2013 14:39:22 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.06.2013 15:24:28 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 21.06.2013 15:24:28 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 21.06.2013 15:24:54 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.06.2013 14:22:57 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  CSC  DfsC  discache  eusk2par  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  vwififlt
Wanarpv6
WfpLwf
ws2ifsl
 
Error - 21.06.2013 14:23:55 | Computer Name = Basti-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 21.06.2013 14:35:36 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 21.06.2013 14:38:30 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
 
< End of report >
         
__________________

Alt 22.06.2013, 10:17   #4
M-K-D-B
/// TB-Ausbilder
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Servus,




Schritt 1
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.






Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 22.06.2013, 21:33   #5
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



moin moin, ich kann jetzt bei Avira den Browserschutz nicht mehr auf aktiv stellen?

combofix:

Code:
ATTFilter
ComboFix 13-06-22.01 - Basti 22.06.2013  11:55:12.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4094.2177 [GMT 2:00]
ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\go_0molg.pad
c:\users\Basti\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\users\Basti\AppData\Roaming\Epweod
c:\users\Basti\AppData\Roaming\Epweod\axex.yvi
c:\users\Basti\AppData\Roaming\InstallDir
c:\users\Basti\AppData\Roaming\Microsoft\Windows\ujTwPP.dat
c:\users\Basti\AppData\Roaming\skype.dat
c:\users\Public\sdelevURL.tmp
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-22 bis 2013-06-22  ))))))))))))))))))))))))))))))
.
.
2013-06-22 10:05 . 2013-06-22 10:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-21 20:35 . 2013-06-22 09:45	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2019EB60-C73B-4D64-9D7B-46D9276F7A6B}\offreg.dll
2013-06-21 18:47 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2019EB60-C73B-4D64-9D7B-46D9276F7A6B}\mpengine.dll
2013-06-19 17:34 . 2013-06-19 17:34	--------	d-----w-	c:\users\Basti\AppData\Local\techland
2013-06-12 19:36 . 2013-05-17 01:25	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 18:50 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 18:49 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 18:49 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-06-06 22:04 . 2013-06-06 22:04	--------	d-----w-	c:\users\Basti\AppData\Roaming\The Creative Assembly
2013-05-27 04:44 . 2013-05-27 04:45	--------	d-----w-	c:\program files (x86)\Meister
2013-05-27 04:43 . 2013-05-27 04:45	294912	------w-	c:\windows\Setup1.exe
2013-05-27 04:43 . 2013-05-27 04:44	74752	----a-w-	c:\windows\ST6UNST.EXE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:36 . 2011-12-27 17:20	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-12 19:10 . 2012-06-16 11:47	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 19:10 . 2011-11-14 17:01	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 16:04 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 11:12 . 2013-05-01 11:12	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-05-01 11:12 . 2013-05-01 11:12	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-05-01 11:12 . 2013-05-01 11:12	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-05-01 11:12 . 2013-05-01 11:12	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-05-01 11:12 . 2013-05-01 11:12	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-05-01 11:12 . 2013-05-01 11:12	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-05-01 11:12 . 2013-05-01 11:12	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-05-01 11:12 . 2013-05-01 11:12	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-05-01 11:12 . 2013-05-01 11:12	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-05-01 11:12 . 2013-05-01 11:12	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-05-01 11:12 . 2013-05-01 11:12	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-01 11:12 . 2013-05-01 11:12	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-05-01 11:12 . 2013-05-01 11:12	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-05-01 11:12 . 2013-05-01 11:12	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-05-01 11:12 . 2013-05-01 11:12	81408	----a-w-	c:\windows\system32\icardie.dll
2013-05-01 11:12 . 2013-05-01 11:12	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-05-01 11:12 . 2013-05-01 11:12	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 11:12 . 2013-05-01 11:12	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-05-01 11:12 . 2013-05-01 11:12	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-05-01 11:12 . 2013-05-01 11:12	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-05-01 11:12 . 2013-05-01 11:12	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-05-01 11:12 . 2013-05-01 11:12	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-05-01 11:12 . 2013-05-01 11:12	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-05-01 11:12 . 2013-05-01 11:12	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-05-01 11:12 . 2013-05-01 11:12	441856	----a-w-	c:\windows\system32\html.iec
2013-05-01 11:12 . 2013-05-01 11:12	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-05-01 11:12 . 2013-05-01 11:12	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-05-01 11:12 . 2013-05-01 11:12	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-01 11:12 . 2013-05-01 11:12	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-05-01 11:12 . 2013-05-01 11:12	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-05-01 11:12 . 2013-05-01 11:12	235008	----a-w-	c:\windows\system32\url.dll
2013-05-01 11:12 . 2013-05-01 11:12	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-05-01 11:12 . 2013-05-01 11:12	216064	----a-w-	c:\windows\system32\msls31.dll
2013-05-01 11:12 . 2013-05-01 11:12	197120	----a-w-	c:\windows\system32\msrating.dll
2013-05-01 11:12 . 2013-05-01 11:12	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-05-01 11:12 . 2013-05-01 11:12	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-05-01 11:12 . 2013-05-01 11:12	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-01 11:12 . 2013-05-01 11:12	149504	----a-w-	c:\windows\system32\occache.dll
2013-05-01 11:12 . 2013-05-01 11:12	144896	----a-w-	c:\windows\system32\wextract.exe
2013-05-01 11:12 . 2013-05-01 11:12	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-05-01 11:12 . 2013-05-01 11:12	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-05-01 11:12 . 2013-05-01 11:12	13824	----a-w-	c:\windows\system32\mshta.exe
2013-05-01 11:12 . 2013-05-01 11:12	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-05-01 11:12 . 2013-05-01 11:12	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-05-01 11:12 . 2013-05-01 11:12	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-05-01 11:12 . 2013-05-01 11:12	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-05-01 11:12 . 2013-05-01 11:12	102912	----a-w-	c:\windows\system32\inseng.dll
2013-05-01 11:12 . 2013-05-01 11:12	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-05-01 11:12 . 2013-05-01 11:12	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-19 14:38 . 2013-04-19 14:38	25600	----a-w-	c:\windows\SysWow64\MediaDB.dll
2013-04-19 14:37 . 2013-04-19 14:37	704000	----a-w-	c:\windows\SysWow64\ContentDirectoryPresenter.dll
2013-04-18 10:09 . 2013-05-04 11:27	37344	----a-w-	c:\windows\SysWow64\FsUsbExDisk.Sys
2013-04-18 10:09 . 2013-05-04 11:27	233472	----a-w-	c:\windows\SysWow64\FsUsbExService.Exe
2013-04-15 16:53 . 2013-04-15 16:53	46592	----a-w-	c:\windows\SysWow64\boost_thread-vc90-mt-1_47.dll
2013-04-15 16:53 . 2013-04-15 16:53	38912	----a-w-	c:\windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	227840	----a-w-	c:\windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	704000	----a-w-	c:\windows\SysWow64\boost_regex-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	12800	----a-w-	c:\windows\SysWow64\boost_system-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	130048	----a-w-	c:\windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	918016	----a-w-	c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	158720	----a-w-	c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	58880	----a-w-	c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	49152	----a-w-	c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	299520	----a-w-	c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52	16896	----a-w-	c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-04-13 05:49 . 2013-05-15 16:54	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 16:54	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 16:54	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 16:54	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 16:54	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 16:54	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 17:26	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 16:54	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 16:54	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 16:54	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-01 20:07 . 2013-04-01 20:15	447752	----a-w-	c:\windows\SysWow64\vp6vfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-22 19:24	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EC136321-1AE5-4A7F-B01C-5380D666175B}]
2011-10-30 13:44	126880	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-22 1514152]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-15 16:13	222808	----a-w-	c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-15 16:13	222808	----a-w-	c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-15 16:13	222808	----a-w-	c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"EADM"="d:\origin\Origin.exe" [2013-06-05 3456080]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb-amd64.sys;c:\windows\SYSNATIVE\Drivers\eusk3usb-amd64.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par-amd64.sys;c:\windows\SYSNATIVE\Drivers\eusk2par-amd64.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link Service.exe;c:\program files\Samsung\Samsung Link\Samsung Link Service.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 19:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-15 16:13	261704	----a-w-	c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-15 16:13	261704	----a-w-	c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-15 16:13	261704	----a-w-	c:\users\Basti\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"Samsung Link"="c:\program files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe" [2013-05-09 407384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = 
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3014745140-1638939913-3744448183-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3014745140-1638939913-3744448183-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-22  12:09:54
ComboFix-quarantined-files.txt  2013-06-22 10:09
.
Vor Suchlauf: 14 Verzeichnis(se), 74.169.192.448 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 73.193.574.400 Bytes frei
.
- - End Of File - - 2ACFC0FBBC5718C6D81D5DA9EAE57035
A36C5E4F47E84449FF07ED3517B43A31
         


ADW Cleaner:


Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 22/06/2013 um 22:15:28 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Basti - BASTI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Basti\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\searchplugins\delta.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Basti\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Basti\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Basti\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Basti\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Basti\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Basti\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEAutoUpdateHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\uTorrentBar_DEToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{231B4211-0F25-4C89-9034-13828D2A472D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CB073F3-BE3C-4E8F-942D-8A747B54486F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68D19556-22C9-406B-80D8-27190514436B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\prefs.js

C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "9295ba850000000000003e4bd6f7b3e7");
Gelöscht : user_pref("extensions.delta.instlDay", "15836");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1623:11:42");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");

-\\ Opera v12.15.1748.0

Datei : C:\Users\Basti\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[S1].txt - [26991 octets] - [22/06/2013 22:15:28]

########## EOF - C:\AdwCleaner[S1].txt - [27052 octets] ##########
         


JRT:


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Basti on 22.06.2013 at 22:25:22,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-3014745140-1638939913-3744448183-1001\software\web assistant"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\menuext\web-suche
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8144EBF8-1C93-499E-BF47-177B9057D007}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{89258519-8216-478F-A05C-99A820C7128C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EDCCE97D-5347-471B-B6E1-9F8A0CA542AC}



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-967FFF60.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Basti\AppData\Roaming\systweak"
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{001579BB-AE56-4860-8ADB-3489C341D197}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{00522CBC-B414-44EA-B803-BC80ED54F264}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0229E3A2-A404-426A-9EA1-4AF40A1F6F15}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{02E8C919-8776-42F3-A9EF-C53988D62A64}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{032A7115-B733-4580-A04A-2BE82CF03E6F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0335DE6A-8EDF-49D7-9ABF-19C5131800FE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{037DFB56-DE2B-4655-AEB4-F70924502E59}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{05144C64-A1B8-48E7-A13F-B7EB3E20210B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{051CB7B3-B4F2-43DF-BCDF-914F8A59A174}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{05957048-5854-42E9-BFDF-9F321C4AB085}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{05F79F09-6522-4366-8AC6-F17823408022}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{06774802-0151-41F5-B340-5731F592A43A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{07CE5BB1-39FD-4FDA-B1DA-6C105D830D5A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{07E5DCA5-71D7-4DA3-ABA5-59206C99A04C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{081F0BAC-F4C0-4EF1-A37A-88E940349BDC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0820EC23-320F-428B-AAD0-AFCB8FB952FC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{08505E29-F529-4FC3-92DB-348DFB48F5DA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{08791E2C-7F1E-438B-81EF-FDC32D68F798}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{094BBD82-1187-495A-9560-FCA7A0045993}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{09795D41-4EC8-419B-8B66-62150489FC20}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0B6755EC-87EB-4F59-920D-477C2F508509}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0C072D3E-C35E-403F-A129-503B2ECE9CBD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0C940B5F-11D9-4BF9-BA3B-DC0A0B54C6F7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0D95DE28-F883-444D-970C-C1681F8D11AF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0E47759A-06EC-40A9-8FC1-34B4A0BE421D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0E98485B-0551-46FD-95D3-649D6E6883CB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0EBE1FC5-DA7D-418C-86AC-0E4D114858FE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0F4F86C3-48E3-41EB-A3EC-B40D74B186A4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0FCE2B41-47C9-4D7D-A3E9-2DE64B14895F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{0FE729B6-A8E7-4D7D-9EE0-1402408B68E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{10666675-C698-4B27-8EEB-12FE8B5A71C7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{10A863B8-1483-498D-96C2-7A0C4A3EF47A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{129615E6-B463-48D9-8D0F-DD838AD3C799}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{130A7D6A-6312-415B-A592-44BE06491C8D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{145AC960-F0FA-4CA5-9682-C388E58B58A6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1540AAF4-D01E-4284-AFF7-FE8217C3BE21}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{157B7CF7-D6B2-4F46-AD53-912B3BAD2941}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{165BC6F0-01D7-4C34-A6C1-40A36EF37915}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{17122F3A-77D8-4253-96A3-B5AD1891C2FF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{17B7300A-E945-47E8-B510-AEBED0B6242C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1854793C-B024-4402-99E7-31649F05FEB0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1A1ED0B0-6F44-4388-A16A-E6D0F6471B78}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1AEA87D5-C6D1-4F1B-B10D-B4EC1B38B7E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1B5977CB-88DB-4C7A-AF8F-DF260F7D7AE5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1E2BD514-C60C-4AE5-B6A9-8E454595F2D2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1E7FD853-6885-4658-97FF-4279C3DD121B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1ECFD836-D718-4545-BB4C-21932409D476}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1F2D8A7F-9592-4E74-A9CB-73AC920E96A5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{1FDBC253-3230-4A50-9111-4C83676383BC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2081974A-F04E-4728-9A28-78FA23BE4C19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{22AEB7D9-5151-4776-94BD-1C9443BB1B7B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{22E3BE37-2771-4A08-BDD5-0EC3AF97D538}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{23CD07FE-A2D8-4AB7-A968-DF11B5810079}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2567B0BB-6DA9-4DD9-86D1-01DE525D7944}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{267D0E69-5F05-413C-B544-B4B0BB63ED19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{269F21FB-5E8E-4B42-875E-687A7C2FE422}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{26B50F53-9183-4962-8077-BA8D686DE6A6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{26EEC4D9-B4D8-41D9-8628-49286AB2B025}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{27261CC3-F569-4F89-82AC-DE874C9B43E2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{275F092A-3D4C-4FE6-8A9E-2D0D41D49665}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{293CB594-401E-483B-87FD-BD0AABCDB08E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2956051F-EE98-4307-BC9B-C0B851A42E3C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2964E5CF-9388-40AA-B133-6310F5C3D362}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{296BDCE8-88FB-42B6-B51B-A6D4C1C52909}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{29B1BE11-18B8-4892-B251-54B2DFBBE486}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A3C73D2-348D-4882-B724-AD51B803837C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A51E10A-C5DC-450B-A777-37508ECCF0DD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A8451DA-315F-438D-966B-8E6F27C9FE69}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2A9C5F85-5A0D-4BFC-951B-04B2BEDD85DF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2C683BA4-5EEA-49C9-BD35-D5B1DB55D22E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2CAD78E1-6AE9-40C3-9CEA-28AC48F6316D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2D66BB8C-DC36-4DAA-979E-88C4FEC9203D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2E26F7D2-9B3E-4E9E-A8BE-1465E20A5890}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2ED0DD95-43F0-4554-A4BB-215D2FB85DEB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2EFFDCE6-011B-4B1F-84D8-28A4FD3682A1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{2FB310C6-11F5-4D6F-A542-E637E2FF92D6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{30503952-F075-4CBB-911C-08DF066BCF4E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{30EF0ACB-C6BC-46C6-8D63-6ECF996A96BA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3127C01F-E8E9-4B29-9361-5F3E8263DAB1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{31E6156B-8B66-4997-8C49-86F2D75BCEE4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{336B46E9-4324-4A3B-A6D5-7D51B1989804}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{33895015-417C-4857-A974-37505C57566C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{33EA418C-2AD3-4B5A-9B4C-7D25AD4D5E19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{35020DB6-2277-463D-9B90-4FF06CD03635}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{367A53D3-80E5-4DD1-9A58-78E75F8D70E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{36A3BF25-7FA6-47B9-9330-91DB4716AF81}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{374AECBD-A3E9-4B9E-94BF-DEA30B9A1926}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3886E295-0D43-4C3E-AE07-52BDC6B47339}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{38B9E32D-C63D-4C9B-8226-51F980F007DF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{38E5ED13-A1F9-4F61-AFC0-E051B53A0DC8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{39070DBD-3461-4DF6-9FD1-AC9D8F406ED6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{390FA823-DC07-4107-BF85-0A4CEB762D25}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{39C16D38-215A-4E7E-BCA9-9754B525AE33}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3A297982-69F2-435F-97B6-F3C67E68C874}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3AA94DEF-5A81-4174-BAFC-6F7A570C5B9D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3B393001-56BB-4C96-98FD-91BA7FAA5356}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3CE59E44-FBED-458B-8714-8D87D78BE61C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3DAF1E4C-9D73-4B5E-A9FD-59C2D8982495}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3E48A6D9-003D-4E89-8D53-8DB193A1F879}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3EB1D112-60CE-4EB5-8CED-801E2EE2CB6D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3EC4A80C-273C-4186-98BE-DDEAD6360539}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{3EEF6588-8F5F-4490-AE86-9DBEF65D8EE9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4146F891-A685-472C-8E9F-36B5A17C02B4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{42AD0487-3863-4823-81D0-485118075464}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{42B4401D-D5BA-4CD7-92FC-D18612602619}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{42D0304D-8CAB-4F76-91A0-55BA06E5C998}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{43170815-D1A7-45C5-AF42-52D5E4C05991}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{44A26143-753D-41D3-B63A-5C4C2C0152CD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4510B84C-7A1E-42F2-95BC-0961FEA52FCB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{454419E8-20B7-4F54-9CE5-06DAC3A30E5F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4560AC67-E77D-45D6-B2B0-B64D27177F49}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{45A473AB-7216-458B-9BAC-2C06BCEFF79D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{45D0418B-0F7A-4E83-9CAB-6E71014A6092}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{45EAB62F-C353-4843-817C-AB52C739344A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4660D778-AA65-4C5C-A6B1-1C68965A8A05}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{47522CFE-AF9D-4172-845D-C7F7DB254E99}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{47568F2C-3138-4132-A922-7CE9C2FED7B0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4893DEA3-3ACC-40AB-B685-B3894C1FB05C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{48C1EBC5-9B3A-4768-8A55-C6EFEA7D3E13}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{48D4F142-C887-4EEA-8F28-0DE0B99F0C10}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{48F16085-E1E2-478E-A5CD-2AEE6C523ADD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4914E549-8C59-4D3A-BEF1-D64BE9E57478}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4A5120F6-F846-4FD2-9367-D4359F727AEB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4A958760-1D45-4DB3-86AA-A266F08A884E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4AF3D8B4-042E-468A-A867-1A863EF8DB79}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4C26E0A9-C2E5-45DA-8992-D01FF5066D4A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4C5E0E03-4D6B-4DDD-8A72-2A36F237E1E0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4CF576CA-B6BA-4EBA-BA6E-9512255291E2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4D1723BD-1747-40C1-A379-4F5188D51642}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4E003A42-70AC-4CC4-8EBF-3E2810BBC73B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{4F176C1A-3F1A-4912-BA21-0ADCA37539E5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{50685878-B71A-4472-84E2-D17997C9712A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{509D11AC-4533-46B2-B820-10F53158A896}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{514D3111-996A-44E1-B985-C9DC90F8A26B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{52226A66-01CF-4108-846D-5FA07E17D360}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{534AD632-4474-4863-ACB1-CFBC4CD12C8B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{53C005E4-1861-4154-A3B6-E9DBE6056C23}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5432C403-6E80-4685-801A-31B22F5B3FF8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5479A8F5-078E-45A2-8CDB-1E1A70B97BDB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5513FB05-AD91-415F-B7FC-52FE3BB084BD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{569FF2C8-89B9-4412-97B5-E095DB2291A7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5707864A-CBBF-4454-9A73-B4021D15BB9E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{57641B94-BEC5-4753-B8ED-66EC46E66CDB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{57CDCF6A-4DE1-49FF-BD16-8F9299310EB4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5848B466-A8CF-4DDB-BFBA-93D88802ABF0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5926587C-34A7-4DB1-BCF8-78CC1273C5B9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{59BBB271-740C-4973-A4DC-0EB780C61706}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{59CCB7F1-25A1-468D-9B85-5ADDB1010F3C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5A37A915-E977-4480-B64C-B0FA350A0722}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5B88A7E1-8224-43F7-8830-42B7F4A5BC83}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5E17B768-8C23-438A-ACDD-D552ADF1D041}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5EBF1B8D-FDE5-4133-B915-1D1E7E19D80D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{5F06C7AD-30F8-4F19-94DD-C47197A49E6E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{619F2166-9545-4494-AD76-2CA43DC56271}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6289F52C-7545-469A-9F7D-90F7F94EF03E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{63791756-F8D9-4E0C-A37B-C2857EDC0BC2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{63C869DC-7E0A-4865-9057-E5CBC687250C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6423788A-00EB-47C2-9C52-B94ADAD66383}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{644F7DAB-ADFE-4024-8720-FDFA94CED96A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{64ECA841-0A09-4B1A-B8DC-FBC549885C17}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{65C59A10-7EB0-45DA-ADD7-8D840432C9C2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{65DE50AB-E1E6-4E39-81B6-B6D22B0C6E0E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{66941F0E-26AD-49D7-A8B8-3491A953C585}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{689ACC6C-5666-40A1-9B8D-BAD9B03424DB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{68E5A9E1-9D97-451B-9F8F-D8D034628CC9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{691A0C6F-92F0-4528-9708-250C28C73CB6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{69AE5D73-FED8-4E16-8CD3-41E1832FFF19}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6A194116-BA45-422B-B262-4AD8A018B2B2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6BE28DA8-8067-4CA6-90D3-EE9305AF259C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C1F2D57-28AB-4D2D-993D-2D8B28CA30A5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C45317E-347B-4303-8A5C-AF2010CA0F72}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C7E5B6F-9512-4F3A-A22F-143631D5B845}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6C8EACFD-B122-4830-B307-CB818E673210}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6D4A139F-7C0A-42F1-BCB9-EDB9CD5791D8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6E40B2E7-2A5D-42CE-B202-127C09876A73}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6E8CC8BA-14B2-4A40-AC1C-2B0BBF52A06A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6E94D848-50EE-4F3A-B630-51C7317626A3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6F997247-57C5-4A98-BA37-DA75AF7FB3B0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{6FC2E67B-18E7-4EE9-BFC9-B5A6A3CC1074}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{705A5548-98E6-4CF1-8B71-26D8A94E6B43}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{718D57EE-9E7B-43A0-BE1C-6D202004DEAB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{72912A57-C213-44D4-89B0-00F6A157A89A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{73BE8BAC-476A-4238-A214-2C13E8DFEC1F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{752D0BF5-3391-4A07-91B1-246F8BE0D608}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{76F0AD7C-8E67-48D7-B516-2B0A4D75ED3B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{779AFAF4-A093-409D-B729-6A13DB2DE96C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{787077F7-C9C9-4F6F-B6FF-369E1C65DB8A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7884ACE6-FF3A-4FC0-9929-CF05C0B80E5E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7B300164-C5C6-4E0F-821B-BCAA7940B242}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7B45B07C-B8C0-4617-8ED8-6C3302D024BB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7BCD52CA-38AC-4B52-B358-324295D1032A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7CEEF331-8BBC-4351-B89F-D263216C08C3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7CF454C8-0C96-4EE5-BC8C-6A35072E7CFB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7D1D87B8-A480-44B0-8125-C0A897BE9AC1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{7D4A0772-6CAB-4041-BB2C-5FA9896C4CE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{801EBFFB-F5E0-4773-B54A-E692B928F72F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8025793A-D61C-43CB-A277-EAA137C2D6E3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{809D07C0-B98C-42D4-AD19-06552AAFBC9C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{822DAC1F-6B76-408D-A141-ACA343C09E6D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{82739E09-D498-417C-8767-3F1A50D6CF0F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{831210EE-89F0-45F8-AF88-4CC8797A14FD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8370FFB1-7EE8-4353-A437-99A31E4FE034}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{84222D7F-6E3E-4E8D-BAD3-505533ECF006}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8474FFC3-36C9-4F8B-808E-B5B9CA3A8D55}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{864C05AA-1541-44E5-8F87-4B720F878A1E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{867BBF09-E9E7-4780-B135-DA89A5B1463D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{86D53014-2F08-4B47-9B61-10DE7F63295D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{87D37693-4EA6-49B6-A569-23BF6AA00A7C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{894F29BE-B0AA-4851-99D1-A1EC30288A99}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{895B7269-AE10-4248-9558-BF4081FD638B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{89F79485-9C31-4F9B-8734-9DD8126056B2}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8A0B7E8E-1664-4599-AA3E-729AD1B6ED38}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8A0DB975-E190-4A3E-82FB-0AA83EC07FA8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8AD68158-2E23-4857-A632-21FD607D94F3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8B20DADD-BAC2-45A7-949D-A7FA57E0717F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8D652270-320D-46E9-8D18-0BFB62324575}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{8E526098-E2AD-49DC-A370-7A73376DF6C4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{908BCB07-A3CC-460C-9C14-089A98F374D8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{91C53153-09AE-49B1-8E4D-F010CAAD029B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{92E05DA4-8364-4BF9-B9C1-1375532E9BE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{931907CA-D175-416D-AFCC-BE21FD795B44}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9390D15D-C4C2-4C0C-9983-A144774941AB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{94435368-C824-4E35-90BA-E63A6B133EBF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9517E262-EBF5-4EA6-BC36-865ABCA32326}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9588FCF3-B150-413E-A7F4-7B60DF63145A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{95FB4280-1B5A-4EC2-9553-24AB321BAA40}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9649E269-ADFD-467C-8AE0-9AC4EF5714BA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{96FFC1D1-6AFB-4A71-B325-FEA3616BE886}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{980F92EB-D2B1-4216-81C5-8BD5D28272F0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{98C6601B-6018-4EF3-B28A-2D413E4A419E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{99CF1A98-E420-437A-893D-B0FE616D8464}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{99D1FB3E-67A5-4486-97D7-AE671EB090C9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9A01104D-C3E0-411A-8B0C-75436EDD8C55}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9A48A63E-60ED-47A1-BB38-8351D9FDA4F8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9A494246-D5E8-4875-B15A-6E76DFC5E116}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9AC47F4C-F84A-4743-8BA4-CB9505C8C41F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9B33E7DC-76B0-4411-AA5B-468D74FC150B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9B38FF58-C0BC-4CC4-BB06-5178F9DB3AC9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9B730778-5C90-46DB-AD02-508A0E3A4A43}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9BC26843-9D2C-4D42-8E94-06E603D473E9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9C10A756-EC16-4728-A726-44E9A6CBCDFF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9D720952-BE06-40B7-9549-3366D97B2019}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9FA3EA5D-C43B-4BED-834B-B1B53FCF5F08}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{9FBFF7A1-AC29-492D-9BD3-C41396C0A4FF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A0AFD515-31DE-43D5-B8DD-143B398C0AC3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A26A6B2F-E60B-4ABD-B019-6B69BDA05589}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A3432AE1-B713-40B9-806B-91380FD57711}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A3647825-3507-438B-855C-233931BD454F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A44EA38A-4E77-407F-BCB2-ECC531C6EBDB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A469D1DD-1D9F-4751-9495-2ED2785598CC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A4B0FDAA-409F-415F-BB1E-B3A59124ABB9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A518BBBC-CEC3-4B0C-B9FC-D20336294B75}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A54AA78A-FA41-4109-BC24-A4105E3922D8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A54E165B-12B6-4ED6-B3C8-783E7E38010B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A5893449-5C59-488A-BACF-61FCAEE64959}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A60CB99E-3DF5-4DBB-9E07-1AE53BBACAE9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A8C57CFC-4C8A-4F30-8EAA-2E426FA02327}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{A9BE291D-9459-4467-820C-AEF998BAB303}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AA3B2D38-4ED9-4E13-8E14-A81330C4BE7B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{ACCF7C77-13EB-4BDC-BBE2-B2577094885F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AD85CD96-0DBE-4755-9E45-50458C80630D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AE6F39A4-C7F7-4644-ADFD-B7B35BAFA668}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AEF00198-F486-4211-85E0-198F4146FC1C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{AEF93FBD-0D43-45FB-BE01-3CBF7172D3BC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B110AB94-1C8B-478D-8A30-3BD8FD5E8824}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B2FC333F-5A92-4297-BF3E-16652A659FBD}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B3B32F11-9621-47C9-A468-27DC513C3786}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B404F222-F559-4F20-A730-CB72791BC752}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B439FD65-615B-4E48-92DE-3C20FF531F5E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B4AA5F55-3FCB-485C-9471-5B662AE57C0E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B4B0C7AC-05EA-41D8-8355-653CF999564D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B577D383-CEE0-4F36-82C5-A1D9346B3381}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B62B1120-EA54-4AD4-8C6E-CA9510557C33}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B63E14B8-5546-49D7-92A0-BED519D217E7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B640741F-6D70-4AC4-BCCD-C4A5F95BFA9E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B64FDA21-74C6-4F87-BABC-00F04EC7C548}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B76CC7B6-BC35-4E53-9B2C-DF8123D0978A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B89909E7-D624-4B1E-A36D-53A27B29BDDA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{B9A34882-022B-4838-A6EE-22680699BDB1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BA056609-38CF-4AE2-9E4A-98066A1A688A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BD794170-C1C2-494B-9894-0732BEFA493F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BD79EE52-C3F2-470C-84C1-9D550FE35F97}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BD88951D-C1DA-45D2-B8FC-92475F946305}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BE8B5559-B6E9-4FA9-9E14-AEA08CC3CA69}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BEB1DE5C-B88C-4F68-B28D-FF74CB90FC48}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BED8C6DA-1B67-4D43-B14B-88754887CBA7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BF10D004-18C4-4EE4-B3D9-AAD208C420F3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BF37354F-8D2F-4239-98C3-8C12846CF9C6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BF7AB213-E9AA-4879-9191-DF6E75B78BE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{BFAD6BA3-E1A8-46DA-9042-2E07F17DF459}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C1801CBA-6F1A-46BD-BC1F-1B159B38389C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C1FEBBC1-6439-431D-A08D-B153CC91F421}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C4AE1571-E60A-4542-9A11-D88B0B608E5D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C4CC1880-2E9B-4E43-B6E4-A57767FC15AA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C4F11CC0-46B9-4AC1-AD8D-9B0E1930B662}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{C55D06F4-2096-4D08-967A-8FBFBE648BC7}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CA3A1096-0FFC-4A2A-9CB8-54A8EA418A0C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CA601BFE-8067-4AED-BEE1-A9900F216604}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CBEC4B2A-31EA-48F4-8C40-E75608A1D438}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CCA32D18-F8AC-424F-87EF-69543DE66C6D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CD191F43-71BC-4706-9E99-F6FC0AAED8B4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{CF9B450E-975B-49BE-B7C4-1DE66D0C96CC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D0991EC6-8F70-4C07-BCD7-6A3A81935E1A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D122C154-3D04-4229-B0AB-2FA47D9AD770}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D21E0CC0-2B62-4BF1-9773-54CED2848D02}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D23CA2F2-F221-43D0-9E67-5FF101DE6E1B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4561568-5084-4B57-8538-EFEF60DD0B9A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4667B1A-AD06-4A24-A660-2356E6858167}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4A5ED05-8363-408A-9581-6DB712C9D486}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D4FDC7EA-9B27-4EF6-91E1-09F20DBC4BB9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D50E1DFA-8636-48D2-BCA7-E22D0C6F11BB}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D5B688DF-2076-4652-AF2A-F32F89E17F04}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D6113808-9401-4C38-B1BF-37AEFFCA2F2B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D61A6987-9672-4003-B557-8E91BFA88289}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{D664550C-CBD9-42D8-B6BA-F10BB66C67AA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DA6AE00E-D6C2-4292-B72E-A82EA47A9BF3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DD8C60CD-693B-495E-8DCB-A1544FE27829}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DDAC1BC5-2C61-4296-8293-A20B1760BA68}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DDD9CE83-0445-4387-AC34-408CB0D2750D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DE1F4EF0-B7FB-4832-9153-D3EED242F4D6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DE3E7FE0-2EA7-46D2-A9CB-7CCD2CD33D79}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DF51D90E-E16D-4722-B5CE-EF3549EB7CE3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{DFF969EF-8297-43FD-B48B-BFBDEAE91BC1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E10CBA93-8DD0-482B-AABA-A66C6FABB30F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E23D19E6-9EB4-42DC-886C-2B6E053F8984}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E25D7A66-CD2D-4729-9EA4-92B8E67696B3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E2A7527C-32AB-43B9-97B2-C303B0F86237}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E2BF6164-B894-4F68-B755-2D72AE53641C}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E2DB38BB-9E3A-41C6-BFAC-9A07509C19A4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E32654EA-F5E7-4CC7-88AE-C30B2CB2B155}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E33FDD06-E0C4-4C77-AFE5-189CA20FBBFF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E373980E-DD6F-4A1B-985F-E0E7EE6F4E0A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E391C4E7-C843-415F-90B2-48A28B7A1595}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E4B76F12-3988-4E94-B9AA-A58EE8C74223}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E539D2A8-DCF1-4BB7-8E7D-F7E236D84CC9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E5404FA1-505B-46C5-B193-072C5C5C2AF3}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E6A9AF6A-11B3-4148-952C-6E72EE120E5A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E6D1C074-B76A-4824-883E-0461F3A7771F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E72ED880-AD02-4915-A45A-5249158AE0F0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E78F2208-74CA-4378-80F4-261E8298B71E}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E804FDED-2784-423B-976F-30AC57FFFB10}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E859644D-3ADE-413A-BFE3-7803A99F3271}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{E993DE14-E217-463E-924C-7F47AB57D852}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EA7D3E9A-7EE0-452A-AC8D-390905BF9A2A}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EA936B9E-ACB4-41C4-A870-81EE8B9B6B4F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EB3461E9-078B-472F-8BB3-E3B3904E95F4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EBBFB12C-EF4C-40A0-A195-64E8016CEA3F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EC7D29F1-C298-46C6-9D50-5454427384BA}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{ECACDF24-0EAA-429A-A32B-E900F98E6B4F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{ED3FE186-777E-4C4D-A7CC-CF6B249AD60F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EDE0ED81-C805-4D9F-8BC2-FAE945D416BF}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EDF2F1CF-6AFC-455D-844A-22748EC072A5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EE5D3661-CCEE-4867-85EE-677915B8F2E8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EEBD92DF-EBB8-4074-940A-BFEEEA0E4AA9}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{EFAFBFA8-E75E-4130-9120-0BC77D713CFE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F114AE9C-30B6-4470-B833-79C6AEE8B8AC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F1D0FD9B-868B-45BE-84FE-988AAFA951F4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F308F03D-CE0A-4639-BDFC-7F95460BA5B4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F48845C2-0AD1-4C5A-983B-6D270414C48D}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F4951B0E-887E-4086-ADE8-2D3D209A1808}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F51B34CF-F26E-4D49-8500-BF05925D2BFC}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F52E5EC4-0743-4388-B8A8-B1204D939AE6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F7CD998C-6EF1-4FB8-B3D0-536482C520FE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F89C813B-163D-4D76-8887-B3DDDF4D8F70}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F8B989BC-74F9-4A15-8673-66314418B00F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F8E9566D-DEFD-4C81-8430-EDB640DDF4ED}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F90D5720-3F5B-4158-897B-86A5C5BD528B}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{F93ED1AA-ED0A-4BB0-9A4F-5AA8F6A82DB5}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FA1F1EE5-C066-48AE-82FA-28DA2374D0F8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FA2314EC-5876-4AFF-8608-C590AA537373}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FB63394D-784C-4305-B866-731466A566E6}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FC3983CA-CC59-4439-9EB4-77EC4742004F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FD2919E8-3091-4402-AAE5-095D3F7C34A8}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FD4375DC-9E73-439A-8F06-AE66547D9CF4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FDA1A547-8FA1-4C7A-A5D7-3E991847367F}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FE09C8C9-714C-412C-964D-A151118D1FF0}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FE15F205-95D3-4299-BD03-1EC2136836E1}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FEC45A7B-BB57-44C3-A4E6-4501D8833E72}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FECD501D-4670-470C-B23F-2B6D176CEDDE}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FF262455-946B-4D60-A435-735640E3B699}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FF3C2A4E-9897-436F-B8AB-A595FFF9E4C4}
Successfully deleted: [Empty Folder] C:\Users\Basti\appdata\local\{FFD4A7BF-A20C-43F8-A7CF-7AAAAD528411}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.06.2013 at 22:29:43,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


Alt 23.06.2013, 11:58   #6
M-K-D-B
/// TB-Ausbilder
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Servus,




Zitat:
Zitat von Patros1001 Beitrag anzeigen
moin moin, ich kann jetzt bei Avira den Browserschutz nicht mehr auf aktiv stellen?
Das liegt daran, dass die lästige Ask-Toolbar, welche Voraussetzung für Avira's Browserschutz ist, entfernt wurde.

Zwei Möglichkeiten:
Du installierst Avira am Ende der Bereinigung neu oder du installierst Avast bzw. MSE anstatt Avira (ich empfehle dir Letzteres).







sieht gut aus.
Wir spüren die letzten Reste auf, damit wie sie später entfernen können:





Schritt 1
  • Starte bitte OTL.exe.
  • Wähle unter Extra Registrierung: Benutze Safe List
  • Klicke auf den Scan Button.
  • Poste die OTL.txt und die Extras.txt hier in deinen Thread.






Schritt 2
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop.
SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :filefind
    *babylon*
    *DVDVideoSoftTB*
    *Optimizer Pro*
    *DomaIQ*
    *Conduit*
    *facemoods*
    *PriceGong*
    *eType*
    *OpenCandy*
    
    :folderfind
    *babylon*
    *DVDVideoSoftTB*
    *Optimizer Pro*
    *DomaIQ*
    *Conduit*
    *facemoods*
    *PriceGong*
    *eType*
    *OpenCandy*
    
    :regfind
    babylon
    DVDVideoSoftTB
    Optimizer Pro
    DomaIQ
    Conduit
    facemoods
    PriceGong
    eType
    OpenCandy
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?






Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von OTL,
  • die Logdatei von SystemLook,
  • die Beantwortung der gestellten Fragen.
__________________
--> erneuter GVU Angriff!

Alt 23.06.2013, 13:49   #7
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



moin moin, also so läuft der Rechner eigentlich ganz normal. Er braucht vielleicht etwas sehr lange beim hochfahren aber sonst fällt mir nichts weiter auf.
Ich hoffe nur das ich mich jetzt vielleicht mehr davor schützen kann.


Extras:


Code:
ATTFilter
OTL Extras logfile created on: 23.06.2013 13:43:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Basti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,11% Memory free
7,99 Gb Paging File | 6,01 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 67,77 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 346,34 Gb Free Space | 81,00% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F0EA29-9510-4CA2-8382-9CD823CA1514}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{02DB26D9-5E3D-40F2-8628-BA263E2A14F0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{15784D43-2D99-474D-A58F-70F67BEECAF2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2068548F-E532-4857-A5C3-8419C4A34AC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{326F3941-637B-4175-818F-7B578D366336}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{355D832D-C922-4BDF-84CE-87AC4D057A93}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{36A754C3-55D8-4F9A-BC48-455AD0068EB2}" = lport=7676 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port1 | 
"{47C306F7-BAFC-4688-B9B7-3BB11480328C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{526FF5A6-E03A-4565-8D07-56599CEEC6BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{54A5E772-7EA7-4C06-84CB-D4B2F255539B}" = lport=8743 | protocol=6 | dir=in | name=allshareframeworkdms action tcp port | 
"{5802DD25-4C88-47AC-A1D0-3D2842E4A41E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A897827-F6AC-4ABB-ABD6-61D3E6CB2E73}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{6CC5ABA7-BD1B-44DC-A116-F0C5F44163F0}" = lport=24234 | protocol=6 | dir=in | name=allshareframework dms service udp port1 | 
"{6D08A87D-32A6-49E7-A99C-4BD7B8272CDF}" = lport=1900 | protocol=6 | dir=in | name=upnp multicast port | 
"{6F6AB699-F242-481D-B11C-4386AAE45460}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{79C3BA46-AD5F-4DD8-9CFD-12330675CFE0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7CB8FFC2-EAA9-4753-82E5-786BC5F9D8B6}" = lport=8643 | protocol=6 | dir=in | name=allshareframeworkdms event tcp port | 
"{7D703E36-6015-4242-AC25-68D3742C15FB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{830A121B-683A-4352-BBC1-6922ED36A465}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{8AA3A1F8-70ED-4C76-816D-C2387A7304BF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{983A55EF-4C69-4DDD-AFA0-3D7A8DA57136}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{98FAA00E-0587-4AD5-BF5F-A4642E16565D}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{A3B521D6-6923-4566-94B7-5151142CD3D2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A71A766C-57F3-462A-8C5A-B2F395B2F215}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEF8E0B1-8928-4860-9824-AC75D77FA557}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B8D22E9F-F447-451A-8F4A-A5B658DD80DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C064C3DB-DBCF-4643-A053-EED4B284583A}" = lport=7900 | protocol=6 | dir=in | name=allshareframework dms service udp port2 | 
"{C2F882FA-4B38-4436-B85B-482F1EAAD9D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CBEC543C-C9EB-442C-9251-3B652A3DD92E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D078CBFF-6B1B-4709-999A-7BCD7EA7CAB8}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{D2C983A4-296E-4BC7-B9EE-36D523450329}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
"{D5972AE7-8AC2-4BBE-995D-85321D75ACB6}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
"{D6D967AC-531E-4B94-8804-7631934B8489}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{D71E4286-536E-41A5-B2D5-03E768EEA175}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D743EA0F-C136-4ADA-9720-E4E35CB4F40D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECEC916C-E69F-41B9-8EC1-D68C1C3ADA4E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EE14011A-0715-4121-93D6-D0037BC97B9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EEAC7889-DE8D-4E43-861F-5BB6DD9994A9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EF27124B-06C0-43FF-AE78-381931831D48}" = lport=7679 | protocol=6 | dir=in | name=allshareframeworkdms service tcp port2 | 
"{F1CC925D-5B99-41A9-A5CD-8AC8DC89C58E}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{F4A26989-82B2-4CB1-AB5D-737B3682ADC5}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{F91CD776-0D39-461D-976A-42FD1E2AF376}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053DF62B-EC37-49DE-A760-442DAB2F04F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{06D74078-3FD4-4FAB-B9B2-B9B3FE70B0BB}" = dir=in | app=c:\users\basti\appdata\local\microsoft\skydrive\skydrive.exe | 
"{0D8FD0CA-E603-44E5-87BA-D980BDAACED8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0EB67770-FE02-4A60-9CF0-D0AC90719937}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1A8B66DA-7FEE-4744-BFEA-C6F2F5142197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{200B203B-1AE0-4CA8-95BB-233D728D2BEF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{212A55B1-8751-44FE-8914-99FC9CD089E3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{22156B6D-76FB-46A2-9826-EB7622F3A83A}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{318F3DDC-5981-46AD-8183-E61E3368C837}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe | 
"{381A89D6-F878-4CD3-8976-FDCDF5D68D08}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{3CD7EC67-7C06-4E08-8453-491315FCAE35}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{3E964430-6C7C-4E8D-85FB-007B45471C95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3FB0005E-D477-4729-BEE9-CCE967914582}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{409B6526-CB6E-43F8-BC94-3CFD77B49439}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{4D53CF9D-1A82-46E6-9481-37295D0C9887}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E9777CE-0A94-4CE9-A1B8-149D1117AE84}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{4FAE43CA-B470-4AD5-BEA6-E419476100E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{539B7E34-93C5-4C36-8E60-F37B5D816975}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe | 
"{58CCA3B6-8ADF-4D8B-8815-3F7F97CAAD1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B216E94-4B1A-4DA5-9310-D99FFF94B327}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{631E5A75-4282-4F39-A218-429E2AD99314}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{635C1FBE-2EE0-44AF-9FB6-649001F64A20}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{6A9916DF-0D74-4E29-821E-1DFA1D67FE1B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{80FD4542-6BA3-466F-875D-9E6A59422A2D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83964453-05DC-4E97-B0FB-EFCCC1786C03}" = protocol=6 | dir=out | app=system | 
"{88725923-1B49-4270-8A36-9CAE7CBA2195}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C2C335D-E484-4454-9C78-93D34E92671E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FBEA6EC-DF63-4052-BB76-FAFC32D2FC29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9446C022-AB19-4358-807D-077500B27B01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{945DBD58-489F-48A1-A512-6A64CD8CC04F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{961D3570-B770-43C6-8975-A1A3E70F3D4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{96867691-CDB2-4EFE-BF91-8C1E4BA2CBB5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{9A576023-0A25-42E8-A0A1-22327DD9063A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9E599731-4FB4-4A82-A07A-0A8C52DF1597}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | 
"{A33E2E6E-335E-4E88-B1C0-C43C5D67F226}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa manager 13\manager13.exe | 
"{A645803C-63D4-4BAF-9266-89736561AEB4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{AE6A74AE-5B04-4BEA-B5C1-B6674395F8CF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\coj gunslinger\cojgunslinger_demo.exe | 
"{B1D058C0-69AA-43EE-A045-9C61C47BE12B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{B31E57E3-B793-43CC-9C14-6819B7963E7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B44D7052-2BC9-4DCA-9A48-AD2A3313402C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{B824FFB1-0800-41AA-863A-FE80216C9C0E}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{BEC7A533-5244-473B-8053-71D0D43F0658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C34ADF70-5ECB-4B40-92F9-5D60FF9E4CF9}" = protocol=58 | dir=in | app=system | 
"{C8F642A1-BC45-4482-B6FB-D9D0AB5BF721}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C9227157-9F7F-498D-9A53-9ED6987281C9}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{D3094B04-D60D-4D7E-98EB-B8A9FF4DFC1F}" = dir=out | app=c:\program files\samsung\samsung link\samsung link.exe | 
"{D75EE4E1-7E6D-401C-8B42-E44D4CD50F46}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E50B5288-B57A-4A57-99C2-B323E38002D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E7E0B179-5592-488B-84A8-67AD21C77A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{EF96C670-F0C1-44FA-BF72-69F617E87C8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{EFF7E4B4-D33A-49A8-847D-8FAD675FF8F2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{F17331D5-BD70-4B47-B115-BFB3A91CD8A8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{FB991AB3-1D6E-443D-AECB-322B05219B72}" = dir=in | app=c:\program files\samsung\samsung link\samsung link.exe | 
"TCP Query User{A06DD0BA-C5B3-4523-8030-58D9916EC636}C:\program files (x86)\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{C3AD5C19-9C06-44C3-A3DD-8122D47CFA4C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CDA60A4F-5E6B-4523-9A5B-2B74B24A9269}D:\steam\steam.exe" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"UDP Query User{070D247C-2BAF-4F16-85BB-FA87BC84668D}C:\program files (x86)\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"UDP Query User{9D24AAFF-712A-4007-A518-FF9A140AB370}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{BC37443F-608A-41DF-BCC8-73C51B575769}D:\steam\steam.exe" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BA8381A-F47A-0A1A-8CDC-9EED42CBF73A}" = AMD Media Foundation Decoders
"{328EAC95-9299-BF47-BDBE-83F94AE07D71}" = AMD Drag and Drop Transcoding
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A762DDE6-D6AC-ECDC-DFBE-E35A0FCFB0AD}" = AMD Fuel
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5CFDA3B-64EC-21EE-6652-0E9AFC41FF8F}" = ccc-utility64
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FC655E43-0E90-4FAC-AF88-7CF8635C6ADC}" = AllShare Framework DMS
"8474-7877-9059-0204" = Samsung Link 1.5.0.1305092012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B9D184-F3C5-48B2-6DBA-56D5DCD85E97}" = CCC Help Chinese Traditional
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{062BC4B4-891A-C58D-B335-7A6358BB438C}" = CCC Help English
"{0E4545D7-2B4B-1EF1-505E-1B9E512980F1}" = CCC Help Portuguese
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{15DA32B6-4726-AABE-E3BD-761DA0DE4132}" = CCC Help Norwegian
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1E728246-95D5-4E72-8A9A-AC62602F39D8}_is1" = ANSTOSS 3
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2764C49D-4BFD-A240-F64D-E11AF855C714}" = CCC Help Swedish
"{29E21CFC-5DEE-6441-AD4A-C15655BFC146}" = CCC Help Chinese Standard
"{2C03DD9D-D28B-9D33-22DA-AB1C007B8412}" = CCC Help Spanish
"{2DE1BCDB-48F7-723F-1DF0-FAB7B4184CE4}" = CCC Help Danish
"{2FF505C2-318E-7B51-FA77-51B9E6F0677D}" = CCC Help Czech
"{30E02033-8A23-ABF8-474C-1CD0C7504659}" = CCC Help French
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43BAB72A-5430-FD3B-ADBD-02105E4AEE03}" = CCC Help Thai
"{492B292A-8A5E-EE0D-5EAA-B303CCB1F14D}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B487EAF-EC47-EDEF-599B-CA45F17DD5D0}" = Catalyst Control Center Graphics Previews Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{59FB5F5C-B127-D725-72CF-D8ECEF40163D}" = CCC Help Finnish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFCEE0F-17DA-93D0-65EE-C280DA539FFD}" = CCC Help Korean
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{78482808-3AE8-5650-52AD-2E73D0C6BB43}" = Catalyst Control Center Localization All
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A60C5BE1-9644-01E7-5E8A-5F0318D268C6}" = AMD VISION Engine Control Center
"{A9674831-B5FC-32DA-D7F7-067DB3FC36C8}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B24A294A-5BA2-E73D-2064-80BB7A940102}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BECC92A2-F74A-9003-214D-7F2B059B61D1}" = CCC Help Turkish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1953F1B-F323-B5BC-4513-BC82EFED21DD}" = CCC Help Dutch
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{DDB9AF26-1CA1-99F6-A3E5-3D76D6D45BE7}" = CCC Help Greek
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0FA217A-9661-02A8-E259-A2702CBD8C40}" = CCC Help German
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EBD2E918-2C91-A25B-DFA8-E9E96673061D}" = CCC Help Russian
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F950EC87-8370-F6BC-4996-1C2A0B486E5F}" = CCC Help Hungarian
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 3.0.1
"Free Audio Converter_is1" = Free Audio Converter version 5.0.21.1212
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Basic)
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"ST6UNST #1" = Meister-Trainer
"ST6UNST #2" = Meister-Trainer (C:\Program Files (x86)\Meister\)
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 205190" = Rocksmith
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"RIFT" = RIFT
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2013 05:47:53 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 23.06.2013 05:47:53 | Computer Name = Basti-PC | Source = AllShare Framework DMS | ID = 131073
Description = 
 
Error - 23.06.2013 05:48:26 | Computer Name = Basti-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         

OTL:


Code:
ATTFilter
OTL logfile created on: 23.06.2013 13:43:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Basti\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,11% Memory free
7,99 Gb Paging File | 6,01 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 67,77 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 346,34 Gb Free Space | 81,00% Space Free | Partition Type: NTFS
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.03 14:24:46 | 000,755,080 | ---- | M] (Samsung) -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
PRC - [2013.04.23 06:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.04.23 06:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013.04.06 12:29:45 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.08.08 21:52:34 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.12 21:10:17 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.05.15 22:19:11 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013.05.15 22:18:54 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013.05.15 22:18:42 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013.05.15 22:18:33 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013.05.15 22:18:29 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013.04.06 12:29:55 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2013.04.06 12:29:55 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013.04.06 12:29:55 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2013.04.06 12:29:55 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013.04.06 12:29:55 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2013.04.06 12:29:55 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2013.04.06 12:29:55 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2013.04.06 12:29:55 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2013.04.06 12:29:55 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2013.04.06 12:29:54 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2013.04.06 12:29:54 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2013.04.06 12:29:54 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013.02.16 16:16:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.10 14:52:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 14:51:59 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 22:19:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 22:19:53 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 22:19:44 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 03:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 21:10:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 14:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 20:12:12 | 000,605,768 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Running] -- C:\Programme\Samsung\Samsung Link\Samsung Link Service.exe -- (Samsung Link Service)
SRV - [2013.05.03 14:25:36 | 000,405,896 | ---- | M] (Samsung) [Auto | Running] -- C:\Programme\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe -- (AllShare Framework DMS)
SRV - [2012.09.19 12:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.09 07:00:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 07:00:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.09 07:00:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.28 04:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 03:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.09 07:00:07 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 07:00:07 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2006.12.13 13:13:00 | 000,124,856 | ---- | M] (Eutron) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eusk3usb-amd64.sys -- (eusk3usb)
DRV:64bit: - [2006.12.13 13:10:00 | 000,042,816 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eusk2par-amd64.sys -- (eusk2par)
DRV - [2013.04.18 12:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 DC DD 16 5C A2 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{1ECEC699-83A8-41A3-8984-FE428572C7C1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\samsung.com/AllSharePlayPCPlugin: C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
 
[2013.05.08 19:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions
[2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}
[2013.05.18 22:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yrdsoke5.default\extensions
[2013.06.22 22:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.27 22:47:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.05.27 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.27 22:47:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.22 12:05:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Samsung Link] C:\Programme\Samsung\Samsung Link\utils\Samsung Link Launcher.exe (Samsung Electronics)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EADM] D:\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Web-Suche - Reg Error: Value error. File not found
O8 - Extra context menu item: Web-Suche - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A4FB85-D5F7-4553-BA6B-0F5DC230FCB9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2E411D-6F89-4A3A-A607-EB9CDD0FC578}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.23 13:41:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.22 22:25:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.22 22:25:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.22 22:23:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.06.22 22:06:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.22 11:53:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.22 11:48:43 | 000,000,000 | --SD | C] -- C:\Users\Basti\Documents\ComboFix
[2013.06.22 11:43:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.22 11:43:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.22 11:43:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.22 11:43:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.22 11:42:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.22 11:39:24 | 005,082,201 | R--- | C] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.06.21 21:57:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.06.19 19:34:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\techland
[2013.06.15 18:05:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 18:05:30 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.12 21:36:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 21:36:10 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 21:36:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 21:36:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 21:36:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 21:36:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 21:36:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 21:36:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 21:36:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 21:36:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 21:36:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 21:36:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 21:36:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 20:50:57 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 20:50:57 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 20:50:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 20:50:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 20:50:38 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 20:50:31 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 20:50:30 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 20:50:30 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 20:50:29 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 20:50:28 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 20:50:28 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 20:49:51 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 20:49:51 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.07 00:04:51 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\The Creative Assembly
[2013.05.27 22:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.27 06:44:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meister-Trainer
[2013.05.27 06:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Meister
[2013.05.27 06:43:47 | 000,294,912 | ---- | C] (rpwSoft) -- C:\Windows\Setup1.exe
[2013.05.27 06:43:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.23 13:40:20 | 000,165,376 | ---- | M] () -- C:\Users\Basti\Desktop\SystemLook_x64.exe
[2013.06.23 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.23 11:56:38 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.23 11:56:38 | 000,028,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.23 11:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.23 11:47:39 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.22 22:23:52 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.06.22 22:14:30 | 000,648,201 | ---- | M] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.06.22 12:05:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.22 11:39:29 | 005,082,201 | R--- | M] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.06.21 22:44:19 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2013.06.21 22:04:11 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe
[2013.06.21 21:57:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.06.21 21:55:58 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe
[2013.06.21 20:50:51 | 000,000,004 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\skype.ini
[2013.06.21 20:46:53 | 017,371,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.21 20:46:53 | 000,735,468 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.06.21 20:46:53 | 000,735,312 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.06.21 20:46:53 | 000,733,182 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.06.21 20:46:53 | 000,730,006 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013.06.21 20:46:53 | 000,730,004 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.06.21 20:46:53 | 000,719,004 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.06.21 20:46:53 | 000,714,536 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.06.21 20:46:53 | 000,703,792 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013.06.21 20:46:53 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.21 20:46:53 | 000,673,490 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013.06.21 20:46:53 | 000,658,508 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.06.21 20:46:53 | 000,653,752 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013.06.21 20:46:53 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.21 20:46:53 | 000,646,766 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013.06.21 20:46:53 | 000,596,688 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.06.21 20:46:53 | 000,499,310 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013.06.21 20:46:53 | 000,484,586 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.06.21 20:46:53 | 000,471,450 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013.06.21 20:46:53 | 000,469,230 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.06.21 20:46:53 | 000,419,388 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013.06.21 20:46:53 | 000,407,794 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013.06.21 20:46:53 | 000,392,220 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.06.21 20:46:53 | 000,382,796 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.06.21 20:46:53 | 000,375,118 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013.06.21 20:46:53 | 000,170,082 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013.06.21 20:46:53 | 000,157,422 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.06.21 20:46:53 | 000,154,698 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013.06.21 20:46:53 | 000,152,014 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.06.21 20:46:53 | 000,151,986 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.06.21 20:46:53 | 000,149,578 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.06.21 20:46:53 | 000,148,390 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.06.21 20:46:53 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.21 20:46:53 | 000,146,578 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013.06.21 20:46:53 | 000,145,886 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.06.21 20:46:53 | 000,141,572 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013.06.21 20:46:53 | 000,140,194 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.06.21 20:46:53 | 000,138,976 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013.06.21 20:46:53 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.21 20:46:53 | 000,119,580 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013.06.21 20:46:53 | 000,119,152 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013.06.21 20:46:53 | 000,114,238 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.06.21 20:46:53 | 000,110,090 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.06.21 20:46:53 | 000,100,230 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013.06.21 20:46:53 | 000,097,570 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013.06.21 20:46:53 | 000,094,380 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.06.21 20:46:53 | 000,093,888 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.06.21 20:46:53 | 000,083,998 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.06.12 21:10:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 21:10:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.27 06:45:00 | 000,294,912 | ---- | M] (rpwSoft) -- C:\Windows\Setup1.exe
[2013.05.27 06:44:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
 
========== Files Created - No Company Name ==========
 
[2013.06.23 13:40:20 | 000,165,376 | ---- | C] () -- C:\Users\Basti\Desktop\SystemLook_x64.exe
[2013.06.22 22:14:30 | 000,648,201 | ---- | C] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.06.22 11:43:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.22 11:43:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.22 11:43:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.22 11:43:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.22 11:43:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.21 22:44:19 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2013.06.21 22:04:11 | 000,377,856 | ---- | C] () -- C:\Users\Basti\Desktop\gmer_2.1.19163.exe
[2013.06.21 21:55:58 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe
[2013.06.20 18:42:26 | 000,000,004 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\skype.ini
[2013.05.17 23:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2013.05.04 13:27:28 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.05.04 13:27:28 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.04.19 16:38:54 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\MediaDB.dll
[2013.04.19 16:37:54 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\ContentDirectoryPresenter.dll
[2013.04.15 18:53:12 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\boost_thread-vc90-mt-1_47.dll
[2013.04.15 18:53:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\boost_date_time-vc90-mt-1_47.dll
[2013.04.15 18:52:44 | 000,227,840 | ---- | C] () -- C:\Windows\SysWow64\boost_serialization-vc90-mt-1_47.dll
[2013.04.15 18:52:42 | 000,704,000 | ---- | C] () -- C:\Windows\SysWow64\boost_regex-vc90-mt-1_47.dll
[2013.04.15 18:52:40 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\boost_system-vc90-mt-1_47.dll
[2013.04.15 18:52:24 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\boost_filesystem-vc90-mt-1_47.dll
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.09 23:20:37 | 000,000,839 | ---- | C] () -- C:\Windows\wininit.ini
[2012.04.19 21:49:45 | 017,032,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.12 20:48:12 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\LCNIMP6.DLL
[2012.02.12 20:43:20 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2012.02.12 20:43:12 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\c1sizerppg.dll
[2012.02.02 19:44:09 | 000,032,529 | ---- | C] () -- C:\Users\Basti\rift_gamecard_30_days_89235554_Q4SKHBGD.jpg
[2011.11.14 19:17:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Alt 23.06.2013, 13:51   #8
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Systemlook:



Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 14:33 on 23/06/2013 by Basti
Administrator - Elevation successful

========== filefind ==========

Searching for "*babylon*"
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon.css	--a---- 1668 bytes	[20:58 18/11/2011]	[20:58 18/11/2011] 0A601A75B0BFA02C4090D4B9F859BD24
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon.html	--a---- 622 bytes	[20:58 18/11/2011]	[20:58 18/11/2011] A7E16D933D279B4DC8E3733FD0AFD0A5
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon.zip	--a---- 55774 bytes	[20:58 18/11/2011]	[20:58 18/11/2011] BC002070760FB7FD224A3320D6954062
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\babylon1.js	--a---- 9945 bytes	[20:58 18/11/2011]	[20:58 18/11/2011] 13DE816629F3C10C206AE08BC55BAAB9
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed\Content_Babylon_skinID.JPG	--a---- 11918 bytes	[20:58 18/11/2011]	[20:58 18/11/2011] EFDFE6FAAEBB2C43E95B5BEB54036D50
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\resources\de-de\babylon_feed.dtd	--a---- 1418 bytes	[20:58 18/11/2011]	[20:58 18/11/2011] D98A9606F50A8A95DE6744761F1FB3E0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 97BAF567CCC7F61B07ABF28ECBA20DB3
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F18D44F6225D9B7A0B08A4762B1EF4E6
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip	--a---- 611 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 4413BFA945E71C500A43146E20C9B6DF
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar100.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9210D5B10EB3E9E2387ACF946682DAC8
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar101.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 763BA779C35E09D74E5B66FB2508FDBA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar102.zip	--a---- 576 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6A15F0D0549B35D6F652FE8657600C2F
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar103.zip	--a---- 505 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B0B37E92EBA840AFED207C438FA423AD
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar104.zip	--a---- 316 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] 7652C9AE0A4A88F7405C17AD06F3CD2C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar105.zip	--a---- 2428 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] 7B92CEAEC921A261CD026BCDC5381C1C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar106.zip	--a---- 500 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] FFB548166470D58C8D96CB3460076AD9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar107.zip	--a---- 575 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] A02DED685AC418BA85CFA90FAD97A577
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip	--a---- 608 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F92BAA05674B34C615506FEAA89C31BA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip	--a---- 564 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D78104CDF17FFCEFD16B2DFC2779133C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 730AA341E87E620E06EEC2D828BBC9C9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FBE3DE98A672E6A52FA256E23E9DB119
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 4EA6DFBC5D6AF85D44EBB2706C81AE28
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0D7E0203A8F0BAF27FF488291B1222D7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip	--a---- 621 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 7F814E9DDB1D74E042A4312058B2043B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip	--a---- 568 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] EE432E895F3DB5EF62D290A5C45DC0C8
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 05C6F0368492439D021036E35B5816B6
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip	--a---- 741 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] E6317D4F4183FB44C859790A4D66D6C4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 13FBB150456F09BB52EDB4E21A2D2768
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip	--a---- 622 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F7C37FA160D4BBFA1012A9FB313DBF63
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip	--a---- 568 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2D862300610F40091160CC9BCEF99573
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AE8968D84DF6843334D730E318037A8B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip	--a---- 568 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2F2DD5B1102432999B0E568795054DF5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip	--a---- 622 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 634F4FF0E14B64F0D953AE82E9049B2C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B9177600C5ADF51264C165C82A66907E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2FB1BF609E0C673220A90B1AE212A44E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9D8065EB8A63AA97E4EAFBE56233239C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip	--a---- 621 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9156972869ACDC746C003F5BA6B8D09E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip	--a---- 1082456 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A50FB3E675F7AE754C3A70C40389E2B4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip	--a---- 567 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 35A088DF72037DD992A377DFD28D7FC9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2049EB454B70DFD5A5F8036006E8856A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip	--a---- 567 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B46373F8B8AD3F3679EA63FA50D45FEB
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 4D2C9A15DB8473FB1F13E3CF0F150BB4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6E9372755461D808BA1AD9EE8FAEC224
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip	--a---- 622 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C7045B33AEA6A4697BBEB8B27A1D0B76
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 860B7B647DD7B2B8B02B4357AA7F486B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 967F8BD6220C6B13CFE54A54FCE8C2E0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CE24BFA6E2CBFE3DC05163EE5011188C
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 48A856E1E0C209FB619AB6DA4AFE1FE3
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip	--a---- 767 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 03C9D15171D5B527D430B85E219484DA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip	--a---- 549 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C2E1D6C2611FCF754084E2C893FF8855
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip	--a---- 615 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 8512121E61A53721EEBFF10D4C7E3E0A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip	--a---- 549 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 901CA3AFF91123ED44FB1260D74663EE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 1C53E687A28217BC042EED85541ECD2B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CB5DDE048AB7B0924E33FB3727B84578
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0BD3DDA8810D9BD8BC4A3201E78FD012
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip	--a---- 659 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9CD2DDEC5BFEA797F8F9F9C24A6198EA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip	--a---- 705 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9A4232CF37314012C5C10CB0E38473F0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip	--a---- 627 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 821CC330CAEFCD605BD03262F8984273
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip	--a---- 540 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D57CA7D9AD8B699F2DD6FB01EF8FB9AE
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip	--a---- 765 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 518468592BB857F5E99CBB8027AA9BA4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip	--a---- 543 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FFB93E6FA76AE29149C063B3A94F39CB
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip	--a---- 578 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 7AF233DA81ED40B7F11A84DEB481719A
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar52.zip	--a---- 596 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] DD67586C7F394BA281063DF850F61F57
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar53.zip	--a---- 592 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 928F1E728EF4D7CC91B9DE2FB8A10D95
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar54.zip	--a---- 541 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C4EC51C760271CE274C62925B819884E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar55.zip	--a---- 577 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 559820C573C2CD2B717A44350C72398B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar56.zip	--a---- 592 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 7421AD5CFBAA2822610DFB5C5DFCE3C5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar57.zip	--a---- 546 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B21A3D496FC3C9A90EC8D4DE5CA6FA13
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar58.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D76007E806A5A8C5715E46856ADE2A87
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar59.zip	--a---- 637 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AAA2CFEE7B2795122986CE7F0E24D511
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6D014BBD2A9A4F75CDDC7861BE7C3821
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar60.zip	--a---- 598 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B4490B94222811DD5F468138934DB057
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar61.zip	--a---- 593 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2630769868B189B17B9230EE79654393
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar62.zip	--a---- 315 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9EC2C116258F922AADC52DC9B189C8C4
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar63.zip	--a---- 2090 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6402D45B58287294819BBEE222B9D0D1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar64.zip	--a---- 3896213 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2E73C9C6B0AF5878350819647B4B8A6D
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar65.zip	--a---- 496 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] E5C057BEF8D3BCD3B4533A7D755FFB40
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar66.zip	--a---- 693 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D8BC20A1695A2EDA1098D429019DE174
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip	--a---- 542 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9ED86B736D143314967FCA2989C7AEB6
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar68.zip	--a---- 545 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F89FDAE0639297485379A0417063B00D
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar69.zip	--a---- 577 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] E518A0FDACFABF6B8908646560508C87
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip	--a---- 615 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 14DDB9BCF745E2763022903F054539F2
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip	--a---- 596 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 45E9942306D46C549645D21B2D410CF9
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar71.zip	--a---- 592 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CAAF183764794DBFCAD3D3B58B2F32A7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip	--a---- 564 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 5CAE34E8DC2CC64C8C3F9CB726EC0DE1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar73.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 397A2A4EC23231EB525D9CEB06596618
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar74.zip	--a---- 540 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 12306E2DFB73FD20C9537ED8FFF93389
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar75.zip	--a---- 543 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 125497550E368486A302C548983C4602
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar76.zip	--a---- 576 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AAC97B0EC2F2AD577DE57066CB6B5598
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar77.zip	--a---- 593 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FEC194EBA9AE3FAA7BEFC13BD296D568
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar78.zip	--a---- 590 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6FF42E045F8D25276AF3D5A846A24310
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar79.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9910314F5332C8BD709DDE2704D2E808
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip	--a---- 607 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 004FB65F049C95BE677742F66BA62D6B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar80.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A7D88163A19E9881A3E422E8CFF1E631
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar81.zip	--a---- 547 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6197F59C2827DD92794E8BE499EFD72B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar82.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F657289FA96EB6774A7B06387DFFD597
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar83.zip	--a---- 578 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CA8CD3EA2C15D26C85007F5352732CD7
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar84.zip	--a---- 598 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 47C7E323A8716371424498C71084A582
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar85.zip	--a---- 594 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] BFD4F66B6253F0925AD5FA096AF03EE0
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar86.zip	--a---- 549 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FB431D9C575F7F1835CC448FA6D754FC
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar87.zip	--a---- 615 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B7EBD53FDF5F5F3D25ADA4D6B3BC23EA
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar88.zip	--a---- 563 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A667DBA1512B1971D9021EE268206AA1
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar89.zip	--a---- 621 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0792F7F592330D26FC1C1ECE8D9D6762
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip	--a---- 610 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A7A20419045D3F1BFD544E976C2CA393
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar90.zip	--a---- 550 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 08C208B20BDCC98A1377F309742AD5D5
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar91.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 618095F66BE82CE2B8AAAEFE78D08CF2
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar92.zip	--a---- 560 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AEB9F4A0D5F3B7256AEBC73782CC2D69
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar93.zip	--a---- 616 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CF2B638F38EE89C949B72BE829B41728
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar94.zip	--a---- 550 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C1C3A8AE419E39E155CA2AD7EB09D564
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar95.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0DBE196EF819C15A75E59816C4328D1B
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar96.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2A540DDB56AF7F9D4CDFF407961B236E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar97.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 63FD36584F4DB4F27FC16DDDDA86C58E
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar98.zip	--a---- 564 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 760F00F1AEB8C54C212C3E9354E11F58
C:\ProgramData\Spybot - Search & Destroy\Recovery\BabylonToolbar99.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 49E6CE20D8AE007462CECC174C2AF1A9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 97BAF567CCC7F61B07ABF28ECBA20DB3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F18D44F6225D9B7A0B08A4762B1EF4E6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip	--a---- 611 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 4413BFA945E71C500A43146E20C9B6DF
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar100.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9210D5B10EB3E9E2387ACF946682DAC8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar101.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 763BA779C35E09D74E5B66FB2508FDBA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar102.zip	--a---- 576 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6A15F0D0549B35D6F652FE8657600C2F
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar103.zip	--a---- 505 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B0B37E92EBA840AFED207C438FA423AD
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar104.zip	--a---- 316 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] 7652C9AE0A4A88F7405C17AD06F3CD2C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar105.zip	--a---- 2428 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] 7B92CEAEC921A261CD026BCDC5381C1C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar106.zip	--a---- 500 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] FFB548166470D58C8D96CB3460076AD9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar107.zip	--a---- 575 bytes	[17:38 20/06/2013]	[17:38 20/06/2013] A02DED685AC418BA85CFA90FAD97A577
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip	--a---- 608 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F92BAA05674B34C615506FEAA89C31BA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip	--a---- 564 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D78104CDF17FFCEFD16B2DFC2779133C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 730AA341E87E620E06EEC2D828BBC9C9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FBE3DE98A672E6A52FA256E23E9DB119
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 4EA6DFBC5D6AF85D44EBB2706C81AE28
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0D7E0203A8F0BAF27FF488291B1222D7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip	--a---- 621 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 7F814E9DDB1D74E042A4312058B2043B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip	--a---- 568 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] EE432E895F3DB5EF62D290A5C45DC0C8
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 05C6F0368492439D021036E35B5816B6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip	--a---- 741 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] E6317D4F4183FB44C859790A4D66D6C4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 13FBB150456F09BB52EDB4E21A2D2768
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip	--a---- 622 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F7C37FA160D4BBFA1012A9FB313DBF63
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip	--a---- 568 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2D862300610F40091160CC9BCEF99573
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AE8968D84DF6843334D730E318037A8B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip	--a---- 568 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2F2DD5B1102432999B0E568795054DF5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip	--a---- 622 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 634F4FF0E14B64F0D953AE82E9049B2C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B9177600C5ADF51264C165C82A66907E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2FB1BF609E0C673220A90B1AE212A44E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9D8065EB8A63AA97E4EAFBE56233239C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip	--a---- 621 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9156972869ACDC746C003F5BA6B8D09E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip	--a---- 1082456 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A50FB3E675F7AE754C3A70C40389E2B4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip	--a---- 567 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 35A088DF72037DD992A377DFD28D7FC9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2049EB454B70DFD5A5F8036006E8856A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip	--a---- 567 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B46373F8B8AD3F3679EA63FA50D45FEB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 4D2C9A15DB8473FB1F13E3CF0F150BB4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6E9372755461D808BA1AD9EE8FAEC224
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip	--a---- 622 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C7045B33AEA6A4697BBEB8B27A1D0B76
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip	--a---- 565 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 860B7B647DD7B2B8B02B4357AA7F486B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 967F8BD6220C6B13CFE54A54FCE8C2E0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CE24BFA6E2CBFE3DC05163EE5011188C
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 48A856E1E0C209FB619AB6DA4AFE1FE3
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip	--a---- 767 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 03C9D15171D5B527D430B85E219484DA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip	--a---- 549 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C2E1D6C2611FCF754084E2C893FF8855
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip	--a---- 615 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 8512121E61A53721EEBFF10D4C7E3E0A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip	--a---- 549 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 901CA3AFF91123ED44FB1260D74663EE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 1C53E687A28217BC042EED85541ECD2B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CB5DDE048AB7B0924E33FB3727B84578
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0BD3DDA8810D9BD8BC4A3201E78FD012
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip	--a---- 659 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9CD2DDEC5BFEA797F8F9F9C24A6198EA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip	--a---- 705 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9A4232CF37314012C5C10CB0E38473F0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip	--a---- 627 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 821CC330CAEFCD605BD03262F8984273
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip	--a---- 540 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D57CA7D9AD8B699F2DD6FB01EF8FB9AE
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip	--a---- 765 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 518468592BB857F5E99CBB8027AA9BA4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip	--a---- 543 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FFB93E6FA76AE29149C063B3A94F39CB
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip	--a---- 578 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 7AF233DA81ED40B7F11A84DEB481719A
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar52.zip	--a---- 596 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] DD67586C7F394BA281063DF850F61F57
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar53.zip	--a---- 592 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 928F1E728EF4D7CC91B9DE2FB8A10D95
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar54.zip	--a---- 541 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C4EC51C760271CE274C62925B819884E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar55.zip	--a---- 577 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 559820C573C2CD2B717A44350C72398B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar56.zip	--a---- 592 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 7421AD5CFBAA2822610DFB5C5DFCE3C5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar57.zip	--a---- 546 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B21A3D496FC3C9A90EC8D4DE5CA6FA13
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar58.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D76007E806A5A8C5715E46856ADE2A87
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar59.zip	--a---- 637 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AAA2CFEE7B2795122986CE7F0E24D511
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip	--a---- 618 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6D014BBD2A9A4F75CDDC7861BE7C3821
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar60.zip	--a---- 598 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B4490B94222811DD5F468138934DB057
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar61.zip	--a---- 593 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2630769868B189B17B9230EE79654393
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar62.zip	--a---- 315 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9EC2C116258F922AADC52DC9B189C8C4
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar63.zip	--a---- 2090 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6402D45B58287294819BBEE222B9D0D1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar64.zip	--a---- 3896213 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2E73C9C6B0AF5878350819647B4B8A6D
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar65.zip	--a---- 496 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] E5C057BEF8D3BCD3B4533A7D755FFB40
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar66.zip	--a---- 693 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] D8BC20A1695A2EDA1098D429019DE174
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip	--a---- 542 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9ED86B736D143314967FCA2989C7AEB6
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar68.zip	--a---- 545 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F89FDAE0639297485379A0417063B00D
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar69.zip	--a---- 577 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] E518A0FDACFABF6B8908646560508C87
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip	--a---- 615 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 14DDB9BCF745E2763022903F054539F2
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip	--a---- 596 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 45E9942306D46C549645D21B2D410CF9
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar71.zip	--a---- 592 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CAAF183764794DBFCAD3D3B58B2F32A7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip	--a---- 564 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 5CAE34E8DC2CC64C8C3F9CB726EC0DE1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar73.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 397A2A4EC23231EB525D9CEB06596618
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar74.zip	--a---- 540 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 12306E2DFB73FD20C9537ED8FFF93389
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar75.zip	--a---- 543 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 125497550E368486A302C548983C4602
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar76.zip	--a---- 576 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AAC97B0EC2F2AD577DE57066CB6B5598
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar77.zip	--a---- 593 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FEC194EBA9AE3FAA7BEFC13BD296D568
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar78.zip	--a---- 590 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6FF42E045F8D25276AF3D5A846A24310
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar79.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 9910314F5332C8BD709DDE2704D2E808
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip	--a---- 607 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 004FB65F049C95BE677742F66BA62D6B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar80.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A7D88163A19E9881A3E422E8CFF1E631
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar81.zip	--a---- 547 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 6197F59C2827DD92794E8BE499EFD72B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar82.zip	--a---- 551 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] F657289FA96EB6774A7B06387DFFD597
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar83.zip	--a---- 578 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CA8CD3EA2C15D26C85007F5352732CD7
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar84.zip	--a---- 598 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 47C7E323A8716371424498C71084A582
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar85.zip	--a---- 594 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] BFD4F66B6253F0925AD5FA096AF03EE0
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar86.zip	--a---- 549 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] FB431D9C575F7F1835CC448FA6D754FC
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar87.zip	--a---- 615 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] B7EBD53FDF5F5F3D25ADA4D6B3BC23EA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar88.zip	--a---- 563 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A667DBA1512B1971D9021EE268206AA1
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar89.zip	--a---- 621 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0792F7F592330D26FC1C1ECE8D9D6762
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip	--a---- 610 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] A7A20419045D3F1BFD544E976C2CA393
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar90.zip	--a---- 550 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 08C208B20BDCC98A1377F309742AD5D5
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar91.zip	--a---- 619 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 618095F66BE82CE2B8AAAEFE78D08CF2
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar92.zip	--a---- 560 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] AEB9F4A0D5F3B7256AEBC73782CC2D69
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar93.zip	--a---- 616 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] CF2B638F38EE89C949B72BE829B41728
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar94.zip	--a---- 550 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] C1C3A8AE419E39E155CA2AD7EB09D564
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar95.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 0DBE196EF819C15A75E59816C4328D1B
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar96.zip	--a---- 566 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 2A540DDB56AF7F9D4CDFF407961B236E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar97.zip	--a---- 620 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 63FD36584F4DB4F27FC16DDDDA86C58E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar98.zip	--a---- 564 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 760F00F1AEB8C54C212C3E9354E11F58
C:\Users\All Users\Spybot - Search & Destroy\Recovery\BabylonToolbar99.zip	--a---- 617 bytes	[21:20 09/07/2012]	[21:20 09/07/2012] 49E6CE20D8AE007462CECC174C2AF1A9

Searching for "*DVDVideoSoftTB*"
C:\Windows\Prefetch\DVDVIDEOSOFTTB_DETOOLBARHELPE-FFD752EE.pf	--a---- 58746 bytes	[11:48 19/05/2013]	[16:34 20/06/2013] 5C9B693EE660526CDC409B006F8C833F

Searching for "*Optimizer Pro*"
No files found.

Searching for "*DomaIQ*"
No files found.

Searching for "*Conduit*"
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\components\ConduitAutoCompleteSearch.js	--a---- 8641 bytes	[17:42 14/11/2011]	[17:42 14/11/2011] 467C3FEB6421FFDE5CD545B21DCD4696
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\components\ConduitAutoCompleteSearch.xpt	--a---- 166 bytes	[17:42 14/11/2011]	[17:42 14/11/2011] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\searchplugin\conduit.xml	--a---- 931 bytes	[17:42 14/11/2011]	[17:42 14/11/2011] 4327F0E7327C7855E4F0160BC77B9A75

Searching for "*facemoods*"
No files found.

Searching for "*PriceGong*"
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.pricegong.com%2Ffavicon.png	--a---- 650 bytes	[21:05 30/11/2012]	[21:05 30/11/2012] 0ECFDCC49F935ACC585212CD8366A88D

Searching for "*eType*"
C:\Program Files\ATI\CIM\Config\PackageType.Dat	--a---- 543 bytes	[15:08 11/06/2007]	[15:08 11/06/2007] D4300930295DB990807468E92F09FBA1
C:\Program Files (x86)\TuneUp Utilities 2013\data\ico_alpha_filetype_16x16.ico	------- 2550 bytes	[19:29 30/11/2012]	[13:00 25/09/2009] A19CAFAA0DA801AF200E45DAD6CBE6A9
C:\Program Files (x86)\TuneUp Utilities 2013\data\ico_alpha_filetype_16x16.png	------- 614 bytes	[19:29 30/11/2012]	[13:00 25/09/2009] FF858188473331C0F648ADFAD7FED268
C:\Program Files (x86)\TuneUp Utilities 2013\data\ico_alpha_FileType_32x32.png	------- 1008 bytes	[19:29 30/11/2012]	[13:00 25/09/2009] 1C39D56A1272E939B44613DA1112CFF3
C:\Program Files (x86)\TuneUp Utilities 2013\data\Integrator\images\panel5\style_filetypes.png	------- 614 bytes	[19:29 30/11/2012]	[13:00 25/09/2009] FF858188473331C0F648ADFAD7FED268
C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll	--a---- 703488 bytes	[00:13 13/12/2012]	[00:13 13/12/2012] 54AB235486EF0272CCF495654FB45ED6
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fshop.gitarreundmehr.de%2FWebRoot%2FStoreTypes%2F6.14.3%2FStoreHosteurope%2Ffavicon.png	--a---- 94 bytes	[21:36 21/01/2013]	[21:36 21/01/2013] 50B79913396099BAC454943B81E911FE
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.kostueme-guenstiger.de%2FWebRoot%2FStoreTypes%2F6.14.1%2FStrato%2Ffavicon.png	--a---- 240 bytes	[18:36 22/01/2013]	[18:36 22/01/2013] 9848EAC453423932A0BE7B7AD20CF7B6
C:\Users\Basti\AppData\LocalLow\The Pok__mon Company International\Pokemon Trading Card Game Online\archetypes.bin	--a---- 1007588 bytes	[20:58 07/03/2013]	[20:58 07/03/2013] 6F033D61FFEB444237FD346BB0CC2A41
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\yrdsoke5.default\mimeTypes.rdf	--a---- 3772 bytes	[15:17 18/05/2013]	[15:17 18/05/2013] 4D8F0DE2E95E00ADDFB85962BB629484
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7600.17130_none_46cc128a0951a80d.manifest	--a---- 6932 bytes	[19:24 22/05/2013]	[23:28 25/09/2012] 95C0E86DEAE4CBE26CC3032AEC36C249
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7600.21329_none_476983c1225f0d1c.manifest	--a---- 6932 bytes	[19:24 22/05/2013]	[23:19 25/09/2012] 432B4E12E7D7F6D80441F8961DC1E480
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.17959_none_48a5fc16067ff9cf.manifest	--a---- 6932 bytes	[19:24 22/05/2013]	[00:15 26/09/2012] 030A8501FC019497600F6282F67ABCDD
C:\Windows\SoftwareDistribution\Download\921c01d5083b492ede909147310ee3f5\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.22118_none_4959b0691f7e43c0.manifest	--a---- 6932 bytes	[19:24 22/05/2013]	[01:05 26/09/2012] CA6B0492D0D8AB67A2CDB7032287C286
C:\Windows\System32\PortableDeviceTypes.dll	--a---- 219648 bytes	[00:21 14/07/2009]	[01:41 14/07/2009] 4F3CD1C59EA71401E155C432BCECE180
C:\Windows\System32\wbem\portabledevicetypes.mof	--a---- 3490 bytes	[21:07 10/06/2009]	[21:07 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A
C:\Windows\SysWOW64\PortableDeviceTypes.dll	--a---- 159744 bytes	[00:06 14/07/2009]	[01:16 14/07/2009] ADB45A977BD9E45790CA496DB84BA148
C:\Windows\SysWOW64\wbem\portabledevicetypes.mof	--a---- 3490 bytes	[21:46 10/06/2009]	[21:46 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A
C:\Windows\winsxs\amd64_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_a926cbb502a97a6e\PortableDeviceTypes.dll	--a---- 219648 bytes	[00:21 14/07/2009]	[01:41 14/07/2009] 4F3CD1C59EA71401E155C432BCECE180
C:\Windows\winsxs\amd64_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_a926cbb502a97a6e\portabledevicetypes.mof	--a---- 3490 bytes	[21:07 10/06/2009]	[21:07 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5.manifest	--a---- 5417 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 0456BC804996A854112EDC9C40B6DE7E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparaj.ttf_789944a5	--a---- 222356 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 0A5B5C55B73F577FF4AC8C9C31B4C183
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparajb.ttf_caad65b5	--a---- 215860 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 7DC2ACC14E8095FAB4EEC11EEBE99B06
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparajbi.ttf_02c81200	--a---- 228456 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] CFDB97EBF546A11E49C38F0DF63708CF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5_aparaji.ttf_ca6e5634	--a---- 239596 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 596E910C2341E1FA280A1FC462BDD32C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e.manifest	--a---- 5279 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] D8EAD8369C4A37B5D1B175691C79E6CF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordia.ttf_6873986a	--a---- 108572 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 1059AD38E2A3BD334504686A2901EEDB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordiab.ttf_6fc99b08	--a---- 95892 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 89472D248B96ED4271EE74C7E6CDBE9D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordiai.ttf_6f8a8b87	--a---- 100104 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 7A6CD3B905E2CF67EC81A58D1284EE17
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e_cordiaz.ttf_6ef165e0	--a---- 94816 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 3239D4CE37DC032F69B9D20CE4D1B094
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_6.1.7601.17514_none_afa74777185b3852.manifest	--a---- 2057 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] F37ED0885764E8376653F8465F1DBA79
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_6.1.7601.17514_none_afa74777185b3852_dokchamp.ttf_5b18a95f	--a---- 149624 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 119688CC24C7A1C78A469B0ED365EDD7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-gishabold_31bf3856ad364e35_6.1.7600.16385_none_f50009547b049b77.manifest	--a---- 2723 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 3CAC296A30FECF6F4BEE4844F241640A
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-gishabold_31bf3856ad364e35_6.1.7600.16385_none_f50009547b049b77_gishabd.ttf_f731b2ea	--a---- 74056 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] FE7E63965224194F774A380E9D53AD0D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-moolboran_31bf3856ad364e35_6.1.7600.16385_none_c3c7531afa803429.manifest	--a---- 2470 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 52FA85EB5CAB8FEECF4E3BE13D110845
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-moolboran_31bf3856ad364e35_6.1.7600.16385_none_c3c7531afa803429_moolbor.ttf_8f2a9b94	--a---- 342840 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] DBB5D50716AF7C45DD357A6A585D7A9E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-wingdings_31bf3856ad364e35_6.1.7600.16385_none_85208756a65ef4ea.manifest	--a---- 2974 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 403C9B7CC01FFA05DF763FCE44423D34
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..-truetype-wingdings_31bf3856ad364e35_6.1.7600.16385_none_85208756a65ef4ea_wingding.ttf_c9c065ed	--a---- 83740 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 68C74934563BF4AFA50793C67BD19B24
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_6.1.7600.16385_none_5b3be3e0926bd543.manifest	--a---- 3100 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 7A710DF0FC15D0EF1D325294EFC11DC0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_6.1.7600.16385_none_5b3be3e0926bd543_lucon.ttf_76ed00f1	--a---- 115016 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] ED07815509F9C255B6E0F66C7910EB97
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-sakkalmajalla_31bf3856ad364e35_6.1.7600.16385_none_fb8092e2c0173c39.manifest	--a---- 2727 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] EDBC8CB3F89C1EAFBA1ED08EEB71CFC9
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-sakkalmajalla_31bf3856ad364e35_6.1.7600.16385_none_fb8092e2c0173c39_majalla.ttf_5a048cf2	--a---- 370084 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 6E89ECFD2776A4697B964580E8924D0F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7.manifest	--a---- 7105 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 5F85DCD6B5E1D125E418FB50DB20486D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_times.ttf_2caa4556	--a---- 834240 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 01D51F020433AC2343DC03C097AAC735
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_timesbd.ttf_a3c367a0	--a---- 840736 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] A0CA394C46C62F25631B7151BBDC2D88
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_timesbi.ttf_a3965c8d	--a---- 619972 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 325B7AB333620D3DEBACEEA720B2ED27
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7_timesi.ttf_88bb465f	--a---- 661244 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 4E08287934414B094529E48ACEBA0C4B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388.manifest	--a---- 3731 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 80B0F9F5E2DD4FBD578CFFDA017DFEBD
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388_iskpota.ttf_b97d7073	--a---- 548036 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 38ACC11EE03D6C1DF3DF3CC99A04B734
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388_iskpotab.ttf_f096fc81	--a---- 368924 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 9D1485C0D69BF9DBB6C5C8D1A1294299
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8.manifest	--a---- 3762 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] DA31A1BA2943293C736A51A1E0C123B7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8_ntailu.ttf_c1891505	--a---- 82864 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 58448BC8344E86403C7AD25B3509965F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8_ntailub.ttf_139d3615	--a---- 75552 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 3CDB6AC81169D4D2D5C0D8A204EF35A9
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335.manifest	--a---- 5275 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 23A2AE8EF9C123F971D2DDF732314947
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsa.ttf_06632f96	--a---- 109808 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] CC6C99B66A5B4C4E82FF2C6ED95077B4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsab.ttf_2615c880	--a---- 106220 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 3CB74FE6198EE7B4E4F675AACF265618
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsai.ttf_284d5409	--a---- 103444 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] B50EF16C35EC7487935D84BDE8C770D1
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335_angsaz.ttf_2dafa6e8	--a---- 105636 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 5E9F0667FB361414006555937EA5E053
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b.manifest	--a---- 6885 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] DC429046AF05CE093B5D6967DBE199BE
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_cour.ttf_054afabf	--a---- 709600 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 5BC234E37EE12ADC26918EB88E5E4EC4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_courbd.ttf_7d4db8d5	--a---- 710192 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 47EEA0AEE6A658D70341A2CCC25BB819
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_courbi.ttf_7ee31c80	--a---- 530336 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] AA3AA1F24B74AB96BE6835B500CC4E17
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b_couri.ttf_21733c5a	--a---- 618240 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 166CF3C23215A1444FBF866189C88D79
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_6.1.7600.16385_none_6485fe8bf7ee4be9.manifest	--a---- 2725 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 0D1D03A511F4E0A9F1AF1A4ACE2DBF30
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_6.1.7600.16385_none_6485fe8bf7ee4be9_leelawad.ttf_cebbef27	--a---- 97752 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] A772AA8A7D2A778D9A2A43CC6D96ADA3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53.manifest	--a---- 2057 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 0199DDF5BE9020698303EF9A32DFB91C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53_l_10646.ttf_f757c3ca	--a---- 325400 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] BCCCD674C3FE808A4B01B8914C6898D5
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-meiryobold_31bf3856ad364e35_6.1.7600.16385_none_2942916491573830.manifest	--a---- 2639 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] E80D54D64C3679CCB52A42046E3C1C24
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..truetype-meiryobold_31bf3856ad364e35_6.1.7600.16385_none_2942916491573830_meiryob.ttc_d9ebd964	--a---- 9749256 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 95F75A104ABDC82E3AAD20279DA01AAB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..uetype-malgungothic_31bf3856ad364e35_6.1.7600.16385_none_6144d01edfdac19c.manifest	--a---- 2566 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 0ED33A214CCF634C95B3A45A86ECCE24
C:\Windows\winsxs\Backup\amd64_microsoft-windows-f..uetype-malgungothic_31bf3856ad364e35_6.1.7600.16385_none_6144d01edfdac19c_malgun.ttf_166813d8	--a---- 4337296 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] E06E6E77FB5ACEFC83E0589B6CE53E9D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40.manifest	--a---- 7490 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] A43B465A9073DD245889B42BABBDF12E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_arial.ttf_e828c109	--a---- 778552 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] 05ADA5BD099C819F28FBE4A1DE2F0A61
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_arialbd.ttf_d4f87b8d	--a---- 749004 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] EB71CDAE8106DF1BC31444A045F812A4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_arialbi.ttf_d4cb707a	--a---- 561924 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] 934B2FAC22C00682057E26B895E48188
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40_ariali.ttf_a85a3504	--a---- 555884 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] 4D5964EC09D480476DF4B48BF3D1DE14
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-batang_31bf3856ad364e35_6.1.7600.16385_none_13de7dc07ffbe591.manifest	--a---- 3694 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] D94F28AB5A347B521B24B834D8FC6702
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-batang_31bf3856ad364e35_6.1.7600.16385_none_13de7dc07ffbe591_batang.ttc_949601ce	--a---- 16264732 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 982509F4C25A0AC0F4E368E222E894FE
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af.manifest	--a---- 2055 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] E9E68AFDAC61BAE0B25E07D0A06E8323
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af_daunpenh.ttf_f02ee377	--a---- 190700 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 5A68A4E0BD54F918326FDCF96028E3FF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8.manifest	--a---- 3727 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] CEB455C76EB3676D06541CC3EAF19B6E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8_ebrima.ttf_8897b9ba	--a---- 304428 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 1BA82D324736A8A9D4327D482C4627C4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8_ebrimabd.ttf_c39dde16	--a---- 298952 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 16CEC52B0C38A2A8E37A23AE9A953FCF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54.manifest	--a---- 2563 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 5363C6C467724C6512941D802EB6352D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54_euphemia.ttf_dc2c9458	--a---- 172656 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 5C81010800152B142EA357CCBEE8C40E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gabriola_31bf3856ad364e35_6.1.7601.17514_none_e65a866e9dc81eaf.manifest	--a---- 2563 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 98B03FF28D9981EADD71E243AE5F1AAA
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gabriola_31bf3856ad364e35_6.1.7601.17514_none_e65a866e9dc81eaf_gabriola.ttf_2896bb77	--a---- 1804512 bytes	[03:32 21/11/2010]	[03:27 21/11/2010] 9F6C62F1F041CA9F3D69AC76684314D0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166.manifest	--a---- 3714 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 0578DC1516FA41F21A9691F79345A990
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166_gautami.ttf_b2983076	--a---- 256384 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 379C6A5EC3D085B1AD2F0D83FD40C580
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166_gautamib.ttf_eba5f98c	--a---- 221268 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 1CB82C6F93C51AA8DD7C7EA82CD641EB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70.manifest	--a---- 2698 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 6A3095B39497E368EA72ACBA871161F2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70_gisha.ttf_9a79c88c	--a---- 72932 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] D3E5565884B751094DF6825C37EEAC5E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gulim_31bf3856ad364e35_6.1.7600.16385_none_a1815c1476403b50.manifest	--a---- 3931 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] BEE9C432D3DF7B0E6AE63732EE4344AB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-gulim_31bf3856ad364e35_6.1.7600.16385_none_a1815c1476403b50_gulim.ttc_7c526737	--a---- 13524972 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] FDE85C81A1B925FAC046E0C916F04847
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad.manifest	--a---- 3717 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 9C503C00E7BB9A151EA7D26B453FB705
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad_kartika.ttf_0cd3884f	--a---- 131264 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 91CFE9F3B498C81D9095976C00BC1664
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad_kartikab.ttf_45e15165	--a---- 126460 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] BB1045132F8D0C83AA339E311194F072
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b.manifest	--a---- 3863 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] B917E8E8BDBE3F86C6B20D63896775DD
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b_khmerui.ttf_235cfc01	--a---- 330464 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 56F089D4A1AECFE1368A63828E078332
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b_khmeruib.ttf_5516e039	--a---- 263864 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] C5F4291DD642D702FFB779FB404A1A96
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3.manifest	--a---- 5397 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] EF1B99037D5C62C6CBDBBED960AC05C8
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokila.ttf_28595c29	--a---- 201680 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] E81D8414C1FFCDCA76DECBE30BDA10A9
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokilab.ttf_4e762005	--a---- 202196 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 97C0C76B9794131EACC206B4F4FF45B0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokilabi.ttf_822b42fe	--a---- 235940 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 5B536B9B1F28541888176C236178057F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3_kokilai.ttf_4e371084	--a---- 241672 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] B7E6414813AB300059F544B4D7005D61
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e.manifest	--a---- 3841 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 22F3316F783F38188830205C002D4B16
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e_laoui.ttf_7e71da2e	--a---- 97516 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 998C392B8982EFAB2B87EB46D7EBC485
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e_laouib.ttf_9bbcb09e	--a---- 88700 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 9BDB49CE05598D1F68939CCBA0CD39C7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c.manifest	--a---- 3705 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] FD1C03B33E9E799F58A37D887C1C84A2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c_latha.ttf_95056720	--a---- 120848 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] ACC67C6F3EA43DEE389EF123E02782A0
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c_lathab.ttf_b2503d90	--a---- 119848 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 25AC104DB31463ABF624C03E3219A231
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34.manifest	--a---- 3757 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 4B6E92D1BB4D4649F298689B014275A6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34_mangal.ttf_4eb5eb98	--a---- 206260 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] C43B90A850A8309ED8001F1FFCC2D961
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34_mangalb.ttf_67a2137e	--a---- 191892 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 2634CE66D1C3D8634D2D0174C924D12C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9.manifest	--a---- 2537 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] D8EE629D989072E00FA3E492585016A3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9_marlett.ttf_4c6c9093	--a---- 26672 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 5F10DAF510C3CB9CCFA737CADE9C5A90
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689.manifest	--a---- 2612 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 384B494B333094252700681366AB69AF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689_meiryo.ttc_ab0401d6	--a---- 9533888 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] D516FD68397BCED208EF2BDF5F71ED6D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499.manifest	--a---- 3472 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 76DFE649463734B311CF0799564DDA45
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499_mingliub.ttc_b8743970	--a---- 33805700 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] D4E65A967CC41D732CAE728BD3283692
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msgothic_31bf3856ad364e35_6.1.7600.16385_none_34a180b79866a79c.manifest	--a---- 3491 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 23E3AA80858C76F3ABE692BB7C08F9C6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msgothic_31bf3856ad364e35_6.1.7600.16385_none_34a180b79866a79c_msgothic.ttc_5396000d	--a---- 9176636 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 1F162793323E204A0D598A9AA4241443
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae.manifest	--a---- 3203 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] C2C1F3142A83746D67B1777192E63508
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae_msmincho.ttc_45a433bb	--a---- 10057108 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] EA3F8835F67B492A0740AC34E1E807F8
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03.manifest	--a---- 2827 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 39D8325099CD5F32BFCFA171E3373306
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03_mvboli.ttf_74791b0f	--a---- 84940 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] A7E3822358F6DCB2F986A68CF24721B2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_6.1.7600.16385_none_11cc5af51bce7775.manifest	--a---- 2809 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 1DC6A688A8180565B84FD2D6489391EF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_6.1.7600.16385_none_11cc5af51bce7775_nyala.ttf_cf5a23e7	--a---- 438016 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 9F895BE44FD462D400A25832EC1095A1
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8.manifest	--a---- 3744 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 0ECCF6D227DC77B2D15280658444B12E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8_phagspa.ttf_5183c1d4	--a---- 146496 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 623A4E160C7783FB2450E2FADE07D883
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8_phagspab.ttf_8437c490	--a---- 150228 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] C96B36C6EC8C33462679CBF409F929DB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243.manifest	--a---- 3705 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 4372E01549F493EBA3911B56124A80B3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243_raavi.ttf_15141359	--a---- 94300 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 8805728574A7EAF7D45CCB53591BD8A7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243_raavib.ttf_325ee9c9	--a---- 93800 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 32C4BFDAFA2C62023F5A95EC3D404CDD
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911.manifest	--a---- 8306 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] 651A1880A8488BF7D2F78CD1C9975730
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeui.ttf_b39275ad	--a---- 516560 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] 69917140BC7639D6AAB16C3FD4637A8B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuib.ttf_ea2ef279	--a---- 497372 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] 0FD37958CD0738645F4D2DEB2DD9B59F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuii.ttf_ea35f432	--a---- 385560 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] 494772733B824FA9084757B082533610
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuil.ttf_ea38f4ef	--a---- 330908 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] 5076583FA2A14CD2CF3634FF59A1138B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_segoeuiz.ttf_ea46f861	--a---- 398148 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] AD4AEC6E9E8956AA5263F8F3A6C8803F
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_seguisb.ttf_a7ce912e	--a---- 406192 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] D4D6E1A6527A21185217393C427A52CB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911_seguisym.ttf_e095394a	--a---- 842104 bytes	[17:17 16/08/2012]	[05:24 16/08/2012] 714BD6C91CDD7390094567BF4D6A4E74
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317.manifest	--a---- 3514 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] A12284FD44CD2E9E8E278F50AC6B6ECC
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317_shonar.ttf_fdf1d355	--a---- 340100 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 53D7C27D36716A2E787903901E194932
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317_shonarb.ttf_127871e9	--a---- 301028 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 79E741EA910EF300165854F7854CD215
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975.manifest	--a---- 3705 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] D009E450187F272361EED37205547F81
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975_shruti.ttf_c4dbca5d	--a---- 270172 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] A4C86F8B063BA5894439B3E1B3B77A50
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975_shrutib.ttf_cc31ccfb	--a---- 235340 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 31D8BDC6FF93105F5E81865633C9426A
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsunb_31bf3856ad364e35_6.1.7600.16385_none_ecef7b9d35a0dabd.manifest	--a---- 2842 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] E09F343C82E3348D62E48EC5E3C14EDF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsunb_31bf3856ad364e35_6.1.7600.16385_none_ecef7b9d35a0dabd_simsunb.ttf_08f71e3f	--a---- 15406288 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 417A85FF314928ADC67E51BB1B458F04
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsun_31bf3856ad364e35_6.1.7600.16385_none_56fe10b1895fd80b.manifest	--a---- 3436 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 4675A13F9E1EB02A6E3FCB0E35FFEEEF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-simsun_31bf3856ad364e35_6.1.7600.16385_none_56fe10b1895fd80b_simsun.ttc_eba56c14	--a---- 15323200 bytes	[02:59 14/07/2009]	[02:57 14/07/2009] 4D96249C34F491BA811E06078263A47D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_6.1.7600.16385_none_baa3a3fe00df3026.manifest	--a---- 2834 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] 98BCF1795FEB446CE4AE285626169DCF
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_6.1.7600.16385_none_baa3a3fe00df3026_sylfaen.ttf_c14359b6	--a---- 228348 bytes	[02:59 14/07/2009]	[02:58 14/07/2009] CF85131EF1119A8D56E92CD8FF533995
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e.manifest	--a---- 2907 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 00EC06A9133600D2C547F8F8D591A126
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e_symbol.ttf_7a3af274	--a---- 70128 bytes	[02:59 14/07/2009]	[02:56 14/07/2009] 9629034E291841F941497D4A365C01F7
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd.manifest	--a---- 3818 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] C8C26460D00177522E6C8780DE5AE86E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd_tahoma.ttf_586caa52	--a---- 700180 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] 801BC5BED6BF516980E1891A785563A8
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd_tahomabd.ttf_c258876e	--a---- 648008 bytes	[21:35 14/11/2011]	[21:08 14/11/2011] 269A3173C2531CFC6B376971A672DAC3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4.manifest	--a---- 3726 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 6A35F8A3BB454B24AB29FF307D1F67E2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4_taile.ttf_52348015	--a---- 72008 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] FF43E14BDCC67883FBD7A6F6223920CC
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4_taileb.ttf_6f7f5685	--a---- 63364 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 22181869727DC4B201302CC1C78F9ACE
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d.manifest	--a---- 3693 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] EDDDDA4D5747DB4BBEB644FDF996CD5E
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d_tunga.ttf_63bed00f	--a---- 188908 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 74CE3AEE1A945A489752721B23A8027C
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d_tungab.ttf_986e3427	--a---- 174896 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 2EB142DA4A4DDA7DCC915715DA3925DA
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202.manifest	--a---- 5396 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] BA2245A2F670C5414F91F7E3BE66180D
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaah.ttf_0b44910a	--a---- 216004 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 8A7D5EF1C37A77234417883EC9FDD6F6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaahb.ttf_0e350a56	--a---- 210644 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 91E40B267560B94AF8306B4A43D189EB
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaahbi.ttf_3e01b33f	--a---- 218956 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 15B5D45C8C7723ABB68D0F98F5A9393B
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202_utsaahi.ttf_0df5fad5	--a---- 239152 bytes	[03:31 21/11/2010]	[03:26 21/11/2010] 617D7B66904A63C374450DB06412E9B6
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30.manifest	--a---- 3462 bytes	[03:32 21/11/2010]	[03:26 21/11/2010] 01BFD80FF763D158FB5BD0C584BD54AC
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30_vani.ttf_cae9a052	--a---- 386996 bytes	[03:32 21/11/2010]	[03:26 21/11/2010] A806161B4AB9F06085DD7C969C6AB6F3
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30_vanib.ttf_8c9d41c8	--a---- 370576 bytes	[03:32 21/11/2010]	[03:26 21/11/2010] 756871F756EE24C7029AAFDAD4CBDC62
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8.manifest	--a---- 3494 bytes	[03:32 21/11/2010]	[03:26 21/11/2010] BC1F01A177243A2CF51228197BE66B30
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8_vijaya.ttf_a73b2b74	--a---- 171192 bytes	[03:32 21/11/2010]	[03:26 21/11/2010] E2FEBB205F1BDA4C972F37857F327B82
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8_vijayab.ttf_d1bd78a2	--a---- 154072 bytes	[03:32 21/11/2010]	[03:26 21/11/2010] 6CD6865A4DCA5AF03B76E21C34D80E70
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8.manifest	--a---- 3719 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 105C3618D7D07B871F8217B453208678
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8_vrinda.ttf_4a270eaa	--a---- 259520 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] 3B839B8F5B064F5C20F40027783E6366
C:\Windows\winsxs\Backup\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8_vrindab.ttf_790ee52a	--a---- 257672 bytes	[02:59 14/07/2009]	[02:59 14/07/2009] C573F57D8C25477A939E3FCE3C737073
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-aparajita_31bf3856ad364e35_6.1.7601.17514_none_d123c185ad71f4d5.manifest	--a---- 5417 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] 0456BC804996A854112EDC9C40B6DE7E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-cordianew_31bf3856ad364e35_6.1.7600.16385_none_de85488c0241f96e.manifest	--a---- 5279 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] D8EAD8369C4A37B5D1B175691C79E6CF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-cordiaupc_31bf3856ad364e35_6.1.7600.16385_none_d5acc06207f06a2e.manifest	--a---- 5106 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] 55B71A3A3E8A1A37C4A444A97A4E19E2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-dokchampa_31bf3856ad364e35_6.1.7601.17514_none_afa74777185b3852.manifest	--a---- 2057 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] F37ED0885764E8376653F8465F1DBA79
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-gishabold_31bf3856ad364e35_6.1.7600.16385_none_f50009547b049b77.manifest	--a---- 2723 bytes	[02:33 14/07/2009]	[02:12 14/07/2009] 3CAC296A30FECF6F4BEE4844F241640A
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-levenimmt_31bf3856ad364e35_6.1.7600.16385_none_e0843b84595f479b.manifest	--a---- 3272 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] 7D7A96912FE62441D0BA0D2E05551DF3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-moolboran_31bf3856ad364e35_6.1.7600.16385_none_c3c7531afa803429.manifest	--a---- 2470 bytes	[02:33 14/07/2009]	[02:17 14/07/2009] 52FA85EB5CAB8FEECF4E3BE13D110845
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..-truetype-wingdings_31bf3856ad364e35_6.1.7600.16385_none_85208756a65ef4ea.manifest	--a---- 2974 bytes	[02:33 14/07/2009]	[02:23 14/07/2009] 403C9B7CC01FFA05DF763FCE44423D34
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..etype-lucidaconsole_31bf3856ad364e35_6.1.7600.16385_none_5b3be3e0926bd543.manifest	--a---- 3100 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] 7A710DF0FC15D0EF1D325294EFC11DC0
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..etype-sakkalmajalla_31bf3856ad364e35_6.1.7600.16385_none_fb8092e2c0173c39.manifest	--a---- 2727 bytes	[02:33 14/07/2009]	[02:26 14/07/2009] EDBC8CB3F89C1EAFBA1ED08EEB71CFC9
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7.manifest	--a---- 7105 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] 5F85DCD6B5E1D125E418FB50DB20486D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-aharonibold_31bf3856ad364e35_6.1.7600.16385_none_df8bf8e079b63081.manifest	--a---- 2379 bytes	[02:33 14/07/2009]	[02:15 14/07/2009] 1CE83FBBE4E2A168DF80FEF71469A066
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-comicsansms_31bf3856ad364e35_6.1.7600.16385_none_384a156a54139a6c.manifest	--a---- 3288 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] 6AF73999B2FA4A485C06D269E0550075
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-dilleniaupc_31bf3856ad364e35_6.1.7600.16385_none_8390abd0a70bdb46.manifest	--a---- 5090 bytes	[02:33 14/07/2009]	[02:23 14/07/2009] EF2D841D59185CCCB3A924819A823E96
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-eucrosiaupc_31bf3856ad364e35_6.1.7600.16385_none_ecd82d1c49af0689.manifest	--a---- 5090 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] 2DFD99AAA62D5C15B2FFAD34798573D8
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-iskoolapota_31bf3856ad364e35_6.1.7600.16385_none_2a668cf479ef0388.manifest	--a---- 3731 bytes	[02:33 14/07/2009]	[02:26 14/07/2009] 80B0F9F5E2DD4FBD578CFFDA017DFEBD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-new_tai_lue_31bf3856ad364e35_6.1.7600.16385_none_325f57c8c0ee36a8.manifest	--a---- 3762 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] DA31A1BA2943293C736A51A1E0C123B7
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-plantagenet_31bf3856ad364e35_6.1.7600.16385_none_47246d9331e672af.manifest	--a---- 2393 bytes	[02:33 14/07/2009]	[02:19 14/07/2009] 9DD6927DC2BB56405DC6B18025294EBC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-segoescript_31bf3856ad364e35_6.1.7601.17514_none_32eade0d03ae2a68.manifest	--a---- 3329 bytes	[03:15 21/11/2010]	[03:15 21/11/2010] 3FF8B9014F6958EB89039950F5443463
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..ruetype-trebuchetms_31bf3856ad364e35_6.1.7600.16385_none_d9b57888a1592ef4.manifest	--a---- 5121 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] C04DAAC71FF78B03C97723394FFA2083
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-angsananew_31bf3856ad364e35_6.1.7600.16385_none_bfea396e1dabb335.manifest	--a---- 5275 bytes	[02:33 14/07/2009]	[02:24 14/07/2009] 23A2AE8EF9C123F971D2DDF732314947
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-angsanaupc_31bf3856ad364e35_6.1.7600.16385_none_c5a2a76019e76995.manifest	--a---- 5101 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] 75F475575D9D13C85056D1F21F5A039F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-arialblack_31bf3856ad364e35_6.1.7600.16385_none_4540bd0a80a4a192.manifest	--a---- 2377 bytes	[02:33 14/07/2009]	[02:15 14/07/2009] C3DD6BF3DF6F2709A9C7F78AFDE6F57F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-constantia_31bf3856ad364e35_6.1.7600.16385_none_66fc2dc6236a4562.manifest	--a---- 5124 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] 0BAE5F104A2902EBBBC341F3FA76889F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-couriernew_31bf3856ad364e35_6.1.7600.16385_none_32383eb7c6ebfd9b.manifest	--a---- 6885 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] DC429046AF05CE093B5D6967DBE199BE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-frankruehl_31bf3856ad364e35_6.1.7600.16385_none_5a232d6cfade165e.manifest	--a---- 2373 bytes	[02:33 14/07/2009]	[02:14 14/07/2009] 8A601B5EE34179184ABDC3D1BFDF6410
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-freesiaupc_31bf3856ad364e35_6.1.7600.16385_none_ad8aa55efd12136f.manifest	--a---- 5083 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] 910CCDADEE418A998EF16EFB08161C46
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-jasmineupc_31bf3856ad364e35_6.1.7600.16385_none_fffdf1db5de6d26d.manifest	--a---- 5083 bytes	[02:33 14/07/2009]	[02:22 14/07/2009] 6E4C90ED2DF63F9AF1C9208DA05D5ABC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-leelawadee_31bf3856ad364e35_6.1.7600.16385_none_6485fe8bf7ee4be9.manifest	--a---- 2725 bytes	[02:33 14/07/2009]	[02:19 14/07/2009] 0D1D03A511F4E0A9F1AF1A4ACE2DBF30
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-lucidasans_31bf3856ad364e35_6.1.7600.16385_none_d0e8774fa1155a53.manifest	--a---- 2057 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] 0199DDF5BE9020698303EF9A32DFB91C
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-meiryobold_31bf3856ad364e35_6.1.7600.16385_none_2942916491573830.manifest	--a---- 2639 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] E80D54D64C3679CCB52A42046E3C1C24
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..truetype-segoeprint_31bf3856ad364e35_6.1.7600.16385_none_50896942163a554e.manifest	--a---- 3027 bytes	[02:33 14/07/2009]	[02:12 14/07/2009] AA01482EE49506437EDC2C5587610E21
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-browallianew_31bf3856ad364e35_6.1.7600.16385_none_8ec8f32d06b7767f.manifest	--a---- 5109 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] A43FD3CCA593C200E3053A09B04B1A1C
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-browalliaupc_31bf3856ad364e35_6.1.7600.16385_none_8e8a0e8706e4503f.manifest	--a---- 5115 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] E8555067506021ADA464C653DEFC2185
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-kodchiangupc_31bf3856ad364e35_6.1.7600.16385_none_d01c5f41457227be.manifest	--a---- 5097 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] 9821A89042CDF32DD2005395C4F40F28
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-f..uetype-malgungothic_31bf3856ad364e35_6.1.7600.16385_none_6144d01edfdac19c.manifest	--a---- 2566 bytes	[02:33 14/07/2009]	[02:12 14/07/2009] 0ED33A214CCF634C95B3A45A86ECCE24
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-andalus_31bf3856ad364e35_6.1.7600.16385_none_4edc66caddc48ae2.manifest	--a---- 2359 bytes	[02:33 14/07/2009]	[02:17 14/07/2009] 26D869714241D0DCF99C050E7DC46051
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17514_none_d0a9759ec3fa9e2d.manifest	--a---- 7490 bytes	[03:17 21/11/2010]	[03:17 21/11/2010] CE5CA32A981728EC5E08BFCE60030EB6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.17621_none_d09ba6bac4056b40.manifest	------- 7490 bytes	[16:47 14/11/2011]	[12:10 24/05/2011] A43B465A9073DD245889B42BABBDF12E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.1.7601.21733_none_d11c742ddd2959a9.manifest	------- 7490 bytes	[16:47 14/11/2011]	[13:23 24/05/2011] 75C1F2B353CFCD400D1BDCCB26BA831F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-batang_31bf3856ad364e35_6.1.7600.16385_none_13de7dc07ffbe591.manifest	--a---- 3694 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] D94F28AB5A347B521B24B834D8FC6702
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7600.16385_none_469b1ef409759322.manifest	--a---- 5108 bytes	[02:33 14/07/2009]	[02:16 14/07/2009] D2A4F09CC72F8211819C0678A68B4C33
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.17959_none_48a5fc16067ff9cf.manifest	------- 6932 bytes	[20:06 14/11/2012]	[00:15 26/09/2012] 030A8501FC019497600F6282F67ABCDD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-calibri_31bf3856ad364e35_6.1.7601.22118_none_4959b0691f7e43c0.manifest	------- 6932 bytes	[20:06 14/11/2012]	[01:05 26/09/2012] CA6B0492D0D8AB67A2CDB7032287C286
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-cambria_31bf3856ad364e35_6.1.7601.17514_none_50c7a4451ab021fd.manifest	--a---- 4855 bytes	[03:17 21/11/2010]	[03:17 21/11/2010] 42FF57B86762522845A05D7B5B903161
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-candara_31bf3856ad364e35_6.1.7600.16385_none_47342bc83c01bc90.manifest	--a---- 5108 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] DC2997428FF8E6E0068DF2EF556DC2E2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.1.7600.16385_none_c5e444bbbf030bfa.manifest	--a---- 5371 bytes	[02:33 14/07/2009]	[02:28 14/07/2009] 912133107740F67F02F724D740B00D96
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-corbel_31bf3856ad364e35_6.1.7600.16385_none_2e9e7f8d18669105.manifest	--a---- 5089 bytes	[02:33 14/07/2009]	[02:16 14/07/2009] B5E38D80F5BBB6F15EBFEB4BA8DEDD11
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-daunpenh_31bf3856ad364e35_6.1.7601.17514_none_65eab3ba3a64f6af.manifest	--a---- 2055 bytes	[03:15 21/11/2010]	[03:15 21/11/2010] E9E68AFDAC61BAE0B25E07D0A06E8323
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-david_31bf3856ad364e35_6.1.7600.16385_none_b50b10afa0728978.manifest	--a---- 3263 bytes	[02:33 14/07/2009]	[02:26 14/07/2009] 7AE47CCA11E569DC56A0D57C3B1C590E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-dfkaisb_31bf3856ad364e35_6.1.7600.16385_none_cf50101c76a692b6.manifest	--a---- 2093 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] CDC20CCC92AAE3AA3DD43BE42B50E001
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-ebrima_31bf3856ad364e35_6.1.7600.16385_none_2a70c05575ba0bb8.manifest	--a---- 3727 bytes	[02:33 14/07/2009]	[02:16 14/07/2009] CEB455C76EB3676D06541CC3EAF19B6E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-euphemia_31bf3856ad364e35_6.1.7600.16385_none_14191eff72a98c54.manifest	--a---- 2563 bytes	[02:33 14/07/2009]	[02:16 14/07/2009] 5363C6C467724C6512941D802EB6352D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gabriola_31bf3856ad364e35_6.1.7601.17514_none_e65a866e9dc81eaf.manifest	--a---- 2563 bytes	[03:15 21/11/2010]	[03:15 21/11/2010] 98B03FF28D9981EADD71E243AE5F1AAA
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gautami_31bf3856ad364e35_6.1.7600.16385_none_d7a960cbb5ebb166.manifest	--a---- 3714 bytes	[02:33 14/07/2009]	[02:15 14/07/2009] 0578DC1516FA41F21A9691F79345A990
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_6.1.7600.16385_none_8ceadd6195267598.manifest	--a---- 5090 bytes	[02:33 14/07/2009]	[02:17 14/07/2009] 1895AB11B789E498F54B53B0640D3255
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gisha_31bf3856ad364e35_6.1.7600.16385_none_9cb7ddca79444d70.manifest	--a---- 2698 bytes	[02:33 14/07/2009]	[02:19 14/07/2009] 6A3095B39497E368EA72ACBA871161F2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-gulim_31bf3856ad364e35_6.1.7600.16385_none_a1815c1476403b50.manifest	--a---- 3931 bytes	[02:33 14/07/2009]	[02:14 14/07/2009] BEE9C432D3DF7B0E6AE63732EE4344AB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-impact_31bf3856ad364e35_6.1.7601.17514_none_a7740a1a89b08d82.manifest	--a---- 2623 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] 8AA1E2EB25B4BE03DEB47F8D7E7D9AA0
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-irisupc_31bf3856ad364e35_6.1.7600.16385_none_2449677664faf8df.manifest	--a---- 5062 bytes	[02:33 14/07/2009]	[02:21 14/07/2009] 04A2F608570C41F2897F0A6115AFC5BA
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-kalinga_31bf3856ad364e35_6.1.7600.16385_none_654e82379a40b52b.manifest	--a---- 3264 bytes	[02:33 14/07/2009]	[02:24 14/07/2009] C6A5F605C4A0E2B293B8A407E2375786
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-kartika_31bf3856ad364e35_6.1.7600.16385_none_66211148328492ad.manifest	--a---- 3717 bytes	[02:33 14/07/2009]	[02:24 14/07/2009] 9C503C00E7BB9A151EA7D26B453FB705
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.1.7600.16385_none_a4fa82598434113b.manifest	--a---- 3863 bytes	[02:33 14/07/2009]	[02:24 14/07/2009] B917E8E8BDBE3F86C6B20D63896775DD
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-kokila_31bf3856ad364e35_6.1.7601.17514_none_4d4bb384a78cecc3.manifest	--a---- 5397 bytes	[03:15 21/11/2010]	[03:15 21/11/2010] EF1B99037D5C62C6CBDBBED960AC05C8
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-laoui_31bf3856ad364e35_6.1.7600.16385_none_d02cc17733960c0e.manifest	--a---- 3841 bytes	[02:33 14/07/2009]	[02:19 14/07/2009] 22F3316F783F38188830205C002D4B16
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-latha_31bf3856ad364e35_6.1.7600.16385_none_cca6b1a135d8195c.manifest	--a---- 3705 bytes	[02:33 14/07/2009]	[02:24 14/07/2009] FD1C03B33E9E799F58A37D887C1C84A2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-lilyupc_31bf3856ad364e35_6.1.7600.16385_none_767d64eb7a9abcc4.manifest	--a---- 5062 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] 0D2603A291FB8AA02D4C7F9F16BA45CE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mangal_31bf3856ad364e35_6.1.7601.17514_none_125c068ced09fd34.manifest	--a---- 3757 bytes	[03:15 21/11/2010]	[03:15 21/11/2010] 4B6E92D1BB4D4649F298689B014275A6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.1.7600.16385_none_aa49e9141901cae9.manifest	--a---- 2537 bytes	[02:33 14/07/2009]	[02:17 14/07/2009] D8EE629D989072E00FA3E492585016A3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.1.7600.16385_none_d054871761215689.manifest	--a---- 2612 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] 384B494B333094252700681366AB69AF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mingliub_31bf3856ad364e35_6.1.7600.16385_none_2516994551e62499.manifest	--a---- 3472 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] 76DFE649463734B311CF0799564DDA45
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mingliu_31bf3856ad364e35_6.1.7600.16385_none_170f5b78a1ae6145.manifest	--a---- 3287 bytes	[02:33 14/07/2009]	[02:20 14/07/2009] 2028E3191A635511B9014FFCD3B751F2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-miriam_31bf3856ad364e35_6.1.7600.16385_none_7b7a9e11df9f30a1.manifest	--a---- 3656 bytes	[02:33 14/07/2009]	[02:23 14/07/2009] 0F244FBFE8EA97566E8D3009063BC5DE
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-msgothic_31bf3856ad364e35_6.1.7600.16385_none_34a180b79866a79c.manifest	--a---- 3491 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] 23E3AA80858C76F3ABE692BB7C08F9C6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-msmincho_31bf3856ad364e35_6.1.7600.16385_none_be34642396bfadae.manifest	--a---- 3203 bytes	[02:33 14/07/2009]	[02:15 14/07/2009] C2C1F3142A83746D67B1777192E63508
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-mvboli_31bf3856ad364e35_6.1.7600.16385_none_cee2efd161995b03.manifest	--a---- 2827 bytes	[02:33 14/07/2009]	[02:16 14/07/2009] 39D8325099CD5F32BFCFA171E3373306
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-narkisim_31bf3856ad364e35_6.1.7600.16385_none_01fe5ed021465f26.manifest	--a---- 2365 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] 62920A4A5B6CD758A05AF019DBA94ECC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-nyala_31bf3856ad364e35_6.1.7600.16385_none_11cc5af51bce7775.manifest	--a---- 2809 bytes	[02:33 14/07/2009]	[02:14 14/07/2009] 1DC6A688A8180565B84FD2D6489391EF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_6.1.7600.16385_none_cec462f31334afc8.manifest	--a---- 3744 bytes	[02:33 14/07/2009]	[02:26 14/07/2009] 0ECCF6D227DC77B2D15280658444B12E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-raavi_31bf3856ad364e35_6.1.7600.16385_none_a2d43ed8e3097243.manifest	--a---- 3705 bytes	[02:33 14/07/2009]	[02:13 14/07/2009] 4372E01549F493EBA3911B56124A80B3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-rod_31bf3856ad364e35_6.1.7600.16385_none_ea0e600fcdbd21b9.manifest	--a---- 2598 bytes	[02:33 14/07/2009]	[02:13 14/07/2009] 2360B659384DB72463456EC753819F46
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7600.16385_none_2cb0f5602bedb50f.manifest	--a---- 8306 bytes	[02:33 14/07/2009]	[02:26 14/07/2009] 33272CDFBE275EE35131CD95D15A60FB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.17888_none_2e9a608e29115911.manifest	------- 8306 bytes	[04:42 16/08/2012]	[21:09 05/07/2012] 651A1880A8488BF7D2F78CD1C9975730
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.22045_none_2f4c144d42117054.manifest	------- 8306 bytes	[04:42 16/08/2012]	[21:08 05/07/2012] 264A4C3DEB834DE5F917464E223B08DB
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-shonar_31bf3856ad364e35_6.1.7601.17514_none_22bcf2b96e304317.manifest	--a---- 3514 bytes	[03:15 21/11/2010]	[03:15 21/11/2010] A12284FD44CD2E9E8E278F50AC6B6ECC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-shruti_31bf3856ad364e35_6.1.7600.16385_none_295c980d6b8c1975.manifest	--a---- 3705 bytes	[02:33 14/07/2009]	[02:28 14/07/2009] D009E450187F272361EED37205547F81
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simfang_31bf3856ad364e35_6.1.7600.16385_none_e417159f3b4eb1b7.manifest	--a---- 2374 bytes	[02:33 14/07/2009]	[02:16 14/07/2009] 9BE3559EC2A9CED3716F161703ED2386
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simhei_31bf3856ad364e35_6.1.7600.16385_none_501ca8058dc5e9fb.manifest	--a---- 2365 bytes	[02:33 14/07/2009]	[02:14 14/07/2009] AECB5D8E38876A0D7397795D748FFEA6
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simkai_31bf3856ad364e35_6.1.7600.16385_none_4e5646f58eea24c2.manifest	--a---- 2361 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] 20F4802FEFDEAEB2556A977FF2096707
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simsunb_31bf3856ad364e35_6.1.7600.16385_none_ecef7b9d35a0dabd.manifest	--a---- 2842 bytes	[02:33 14/07/2009]	[02:20 14/07/2009] E09F343C82E3348D62E48EC5E3C14EDF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-simsun_31bf3856ad364e35_6.1.7600.16385_none_56fe10b1895fd80b.manifest	--a---- 3436 bytes	[02:33 14/07/2009]	[02:18 14/07/2009] 4675A13F9E1EB02A6E3FCB0E35FFEEEF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-sylfaen_31bf3856ad364e35_6.1.7600.16385_none_baa3a3fe00df3026.manifest	--a---- 2834 bytes	[02:33 14/07/2009]	[02:24 14/07/2009] 98BCF1795FEB446CE4AE285626169DCF
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-symbol_31bf3856ad364e35_6.1.7600.16385_none_2b1957ff6a01d63e.manifest	--a---- 2907 bytes	[02:33 14/07/2009]	[02:25 14/07/2009] 00EC06A9133600D2C547F8F8D591A126
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7600.16385_none_8bc15c538e547e20.manifest	--a---- 3818 bytes	[02:33 14/07/2009]	[02:17 14/07/2009] D61CE6D26506B0F89DACA25CA56FF55A
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.17621_none_8de4a1378b4dcecd.manifest	------- 3818 bytes	[16:47 14/11/2011]	[12:10 24/05/2011] C8C26460D00177522E6C8780DE5AE86E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.1.7601.21733_none_8e656eaaa471bd36.manifest	------- 3818 bytes	[16:47 14/11/2011]	[13:22 24/05/2011] 37E607818EC8DD8787A794AABAFC11A7
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tai_le_31bf3856ad364e35_6.1.7600.16385_none_8b27023f8ebb68a4.manifest	--a---- 3726 bytes	[02:33 14/07/2009]	[02:27 14/07/2009] 6A35F8A3BB454B24AB29FF307D1F67E2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-tunga_31bf3856ad364e35_6.1.7600.16385_none_e4baa884cb08804d.manifest	--a---- 3693 bytes	[02:33 14/07/2009]	[02:19 14/07/2009] EDDDDA4D5747DB4BBEB644FDF996CD5E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-utsaah_31bf3856ad364e35_6.1.7601.17514_none_8a6cbec4ba3b0202.manifest	--a---- 5396 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] BA2245A2F670C5414F91F7E3BE66180D
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-vani_31bf3856ad364e35_6.1.7601.17514_none_5a885c9b0fafaf30.manifest	--a---- 3462 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] 01BFD80FF763D158FB5BD0C584BD54AC
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.17514_none_1c9f288f15cd6e81.manifest	--a---- 5090 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] 8DCB2FFED3C82BEDDF1D96E4BE79AA90
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.17621_none_1c9159ab15d83b94.manifest	------- 5090 bytes	[16:47 14/11/2011]	[12:08 24/05/2011] FFBE602138745EB7F863302A09F62FB2
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-verdana_31bf3856ad364e35_6.1.7601.21733_none_1d12271e2efc29fd.manifest	------- 5090 bytes	[16:47 14/11/2011]	[13:20 24/05/2011] 588B91BEDD030EA1E080DE36D51C7C3F
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-vijaya_31bf3856ad364e35_6.1.7601.17514_none_44db357a5c7540d8.manifest	--a---- 3494 bytes	[03:16 21/11/2010]	[03:16 21/11/2010] BC1F01A177243A2CF51228197BE66B30
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-vrinda_31bf3856ad364e35_6.1.7600.16385_none_d2195f0f72f474c8.manifest	--a---- 3719 bytes	[02:33 14/07/2009]	[02:15 14/07/2009] 105C3618D7D07B871F8217B453208678
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-webdings_31bf3856ad364e35_6.1.7600.16385_none_0afbb87eda82d5dd.manifest	--a---- 2365 bytes	[02:33 14/07/2009]	[02:22 14/07/2009] 099FBA3877645F8F83031B232C7E9785
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-font-truetype-yibaiti_31bf3856ad364e35_6.1.7600.16385_none_b436b1f0d44f46f1.manifest	--a---- 2647 bytes	[02:33 14/07/2009]	[02:15 14/07/2009] DAFD79689E8D4428B2DCF59ED4C0E052
C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_4d0830314a4c0938\PortableDeviceTypes.dll	--a---- 159744 bytes	[00:06 14/07/2009]	[01:16 14/07/2009] ADB45A977BD9E45790CA496DB84BA148
C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.1.7601.17514_none_4d0830314a4c0938\portabledevicetypes.mof	--a---- 3490 bytes	[21:46 10/06/2009]	[21:46 10/06/2009] 0481A7A50DB231DA04919B256D6EB39A

Searching for "*OpenCandy*"
No files found.

========== folderfind ==========

Searching for "*babylon*"
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\content\babylon_feed	d------	[20:58 18/11/2011]
C:\Program Files (x86)\ICQ7.7\Xtraz\icq\theme\babylon_feed	d------	[17:39 14/11/2011]
C:\Users\Basti\AppData\Roaming\ICQ\398305800\XtrazPrefs\babylon_feed	d------	[20:58 18/11/2011]

Searching for "*DVDVideoSoftTB*"
No folders found.

Searching for "*Optimizer Pro*"
No folders found.

Searching for "*DomaIQ*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*facemoods*"
No folders found.

Searching for "*PriceGong*"
No folders found.

Searching for "*eType*"
         

Gruß,

Patros1001

Alt 23.06.2013, 19:35   #9
M-K-D-B
/// TB-Ausbilder
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Servus,


bevor wir weitermachen, habe ich noch eine Frage:

Hast du den ICQ Sparberater absichtlich/bewusst installiert?
Zitat:
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
Wenn nicht, sollen wir es entfernen?
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 23.06.2013, 19:52   #10
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Also wäre mir nicht bekannt das ich das bewusst heruntergeladen hätte. Klar dann löschen wir das.

gut wäre soweit gelöscht. Ist mein Programm Spybot search&destroy eigentlich sinnvoll?

Alt 24.06.2013, 19:58   #11
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



was für nützliche Programme kannst du mir denn noch empfehlen um immer auf dem neusten update und sicher zu sein?

Alt 24.06.2013, 21:19   #12
M-K-D-B
/// TB-Ausbilder
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Servus,



Spybot ist nicht mehr so gut wie es schon mal war (meine persönliche Meinung).


Wir entfernen die letzten Reste und kontrollieren nochmal alles. Danach entfernen wir alle Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.





Schritt 1
  • Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt.
  • Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
  • Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.





Schritt 2

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.07.11 22:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}
O2 - BHO: (ICQ Sparberater) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O4 - HKLM..\Run: []  File not found
[2013.06.21 20:50:51 | 000,000,004 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\skype.ini
C:\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
C:\Users\Basti\AppData\Local\Opera\Opera\icons\http%3A%2F%2Fwww.pricegong.com%2Ffavicon.png

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 4

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 5
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 27.06.2013, 05:38   #13
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Hey,
Ich schaff das leider erst morgen.

Alt 27.06.2013, 14:38   #14
M-K-D-B
/// TB-Ausbilder
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



Servus,


alles klar, dann bis morgen.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 30.06.2013, 08:52   #15
Patros1001
 
erneuter GVU Angriff! - Standard

erneuter GVU Angriff!



moin moin,

otl

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}\chrome\locale folder moved successfully.
C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f}\chrome folder moved successfully.
C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\suw2ywvl.default\extensions\{3cb073f3-be3c-4e8f-942d-8a747b54486f} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC136321-1AE5-4A7F-B01C-5380D666175B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC136321-1AE5-4A7F-B01C-5380D666175B}\ not found.
File C:\Program Files (x86)\icq\Internet Explorer\icq.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\Users\Basti\AppData\Roaming\skype.ini moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Basti
->Temp folder emptied: 5382154 bytes
->Temporary Internet Files folder emptied: 18153837 bytes
->Java cache emptied: 83324041 bytes
->FireFox cache emptied: 233683919 bytes
->Opera cache emptied: 52873358 bytes
->Flash cache emptied: 3767 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 320924 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42305012 bytes
RecycleBin emptied: 97934550 bytes
 
Total Files Cleaned = 509,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06302013_010316

Files\Folders moved on Reboot...
C:\Users\Basti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Basti\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll moved successfully.
File\Folder C:\Windows\temp\hsperfdata_BASTI-PC$\372 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

mbam


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Basti :: BASTI-PC [Administrator]

Schutz: Aktiviert

30.06.2013 01:12:51
mbam-log-2013-06-30 (01-12-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216223
Laufzeit: 8 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Eset


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1d5557ed6d8def49adc1eefc8ec1a369
# engine=14206
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-30 03:30:33
# local_time=2013-06-30 05:30:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 572253 124192883 0 0
# scanned=617878
# found=1
# cleaned=0
# scan_time=14585
sh=A479673670334E0E9EB14AE2276A69D6882D1FDE ft=1 fh=0863bfb2c2e7c375 vn="Win32/LockScreen.APR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Basti\AppData\Roaming\skype.dat.vir"
         
check


Code:
ATTFilter
 Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Secunia PSI (3.0.0.7009)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 TuneUp Utilities 2013   
 TuneUp Utilities Language Pack (de-DE) 
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox 21.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
mfg.

Antwort

Themen zu erneuter GVU Angriff!
abgesicherten, angriff, anleitung, autorun, bild, blöde, chip.de, dateien, eingabeaufforderung, erneut, folge, hallo zusammen, hochfahren, kaspersky, log, löschen, modus, neu, nichts, pcs, problem, system, trojaner, version, webcam



Ähnliche Themen: erneuter GVU Angriff!


  1. Crypto Wars 3.0: Erneuter Streit um Quellen-TKÜ
    Nachrichten - 30.01.2015 (0)
  2. Windows XP: erneuter Schädlingsbefall?
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (3)
  3. win7 startet nicht - nur schwarzer Bildschim und erneuter S+tart
    Alles rund um Windows - 14.09.2014 (24)
  4. Syrian Electronic Army: Erneuter Angriff auf Reuters
    Nachrichten - 23.06.2014 (0)
  5. Erneuter Datenklau: BSI will Nutzer "mit Hochdruck" informieren
    Nachrichten - 04.04.2014 (0)
  6. Erneuter Datenklau: 18 Millionen E-Mail-Passwörter aufgetaucht
    Nachrichten - 03.04.2014 (0)
  7. Erneuter Virusbefall
    Plagegeister aller Art und deren Bekämpfung - 13.12.2013 (18)
  8. Erneuter Hackerangriff auf US-Medienkonzerne
    Nachrichten - 16.08.2013 (0)
  9. 2x | Erneuter Befall von js/agent.axquo
    Mülltonne - 06.03.2013 (1)
  10. GUV Angriff
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (31)
  11. Erneuter schädlingsfund von Virustotal ist die Seite überhaupt zuverlässig
    Log-Analyse und Auswertung - 11.02.2013 (1)
  12. Erneuter Ukasha Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.11.2012 (12)
  13. erneuter TR/ATRAPS.Gen2 Trojaner- Befall
    Log-Analyse und Auswertung - 31.01.2012 (15)
  14. Erneuter Ruf nach Vorratsdatenspeicherung
    Nachrichten - 27.11.2011 (0)
  15. Erneuter BKA-Trojaner-Befall
    Log-Analyse und Auswertung - 12.09.2011 (20)
  16. Dos-Angriff?
    Plagegeister aller Art und deren Bekämpfung - 14.08.2009 (43)

Zum Thema erneuter GVU Angriff! - Hallo zusammen, ich bin neu hier und hoffe hier Hilfe zu bekommen. Ich hatte vor ca. 1 Jahr schonmal einen GVU Trojaner, welchen ich mit dem Abgesicherten Modus und Wiederherstellung - erneuter GVU Angriff!...
Archiv
Du betrachtest: erneuter GVU Angriff! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.