
Log analysis and evaluation: Avira found trojan tr/mediyes.gen

11.11.2013, 15:37   #1
Amalia2110
 



On 29.10.2013 I ran a virus scan with Avira because my laptop seemed slower.
Avira found the trojan tr/mediyes.gen.

Since I am always very careful about deleting things, I moved it to quarantine for now.
All other required log files are attached.

Log file for this:




Typ: Datei
Quelle: C:\windows\system32\xpttheaa.tsp
Status: Infiziert
Quarantäne-Objekt: 1a3ad831.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.134
Virendefinitionsdatei: 7.11.110.16
Gefunden: TR/Mediyes.Gen
Datum/Uhrzeit: 29.10.2013, 20:30


Typ: Datei
Quelle: C:\windows\system32\xpttheaa.tsp
Status: Infiziert
Quarantäne-Objekt: 50f2ac79.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.134
Virendefinitionsdatei: 7.11.110.16
Gefunden: TR/Mediyes.Gen
Datum/Uhrzeit: 29.10.2013, 20:29
Attached files
File type: txt Addition.txt (29.2 KB, viewed 149 times)
File type: txt FRST_29-10-2013_21-28-06.txt (31.9 KB, viewed 132 times)
File type: txt Gmer.txt (1.2 KB, viewed 133 times)

11.11.2013, 15:59   #2
M-K-D-B
/// TB instructor
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find signs of illegally obtained software, we will suspend support until every kind of illegal software has been removed from the machine.
  • Please work through all steps one after another in the given order and post all log files in CODE tags.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 4 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything either. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.






Please download OTL by Oldtimer and save it to your desktop (if it is not there already).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /800
C:\Windows\system32\*.dll /800 /64 
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.
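The custom scan in the post above targets the Telephony\Providers key and the *.tsp files in system32, which is where Avira reported xpttheaa.tsp. As an added example (not part of the thread and not OTL's own logic), the same inventory in PowerShell, assuming an elevated 64-bit PowerShell 3.0+ session and the standard TAPI value naming ProviderFilenameN; the function name Get-TspRecord is hypothetical:

```powershell
# Added example, not from the thread. Run elevated in a 64-bit PowerShell 3.0+ session.
# Each view pairs one registry view of the Telephony\Providers key with the
# system directory that its provider files (*.tsp) are normally loaded from.
$views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers'
       Dir = Join-Path $env:SystemRoot 'System32' },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Telephony\Providers'
       Dir = Join-Path $env:SystemRoot 'SysWOW64' }
)

# Hypothetical helper: describe one provider file the way an OTL line does
# (modification time, size, company name) plus its Authenticode status.
function Get-TspRecord {
    param([string]$Path, [bool]$Registered, [string]$View)

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        # Still registered in the key but missing on disk, e.g. after quarantine.
        return [pscustomobject]@{
            View = $View; Path = $Path; Registered = $Registered; OnDisk = $false
            Modified = $null; Size = $null; Company = $null; Signature = $null
        }
    }
    [pscustomobject]@{
        View       = $View
        Path       = $item.FullName
        Registered = $Registered
        OnDisk     = $true
        Modified   = $item.LastWriteTime
        Size       = $item.Length
        Company    = $item.VersionInfo.CompanyName
        Signature  = (Get-AuthenticodeSignature -FilePath $item.FullName).Status
    }
}

$report = foreach ($view in $views) {
    # SysWOW64 does not exist on 32-bit Windows; skip that view there.
    if (-not (Test-Path -LiteralPath $view.Dir)) { continue }

    # Provider file names registered in this view of the key.
    $registered = @()
    if (Test-Path -LiteralPath $view.Key) {
        $registered = @((Get-ItemProperty -LiteralPath $view.Key).PSObject.Properties |
            Where-Object { $_.Name -match '^ProviderFilename\d+$' } |
            ForEach-Object {
                $name = [Environment]::ExpandEnvironmentVariables([string]$_.Value)
                if ([IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $view.Dir $name }
            })
    }

    # Every *.tsp file actually present, including hidden or system files.
    $onDisk = @(Get-ChildItem -LiteralPath $view.Dir -Filter '*.tsp' -Force -File |
        ForEach-Object { $_.FullName })

    foreach ($path in $registered) {
        Get-TspRecord -Path $path -Registered $true -View $view.Key
    }
    foreach ($path in $onDisk) {
        # -notcontains compares strings case-insensitively, like NTFS paths.
        if ($registered -notcontains $path) {
            Get-TspRecord -Path $path -Registered $false -View $view.Key
        }
    }
}

# Review points: a registered entry with OnDisk = False, a file with an empty
# Company field, or a recent Modified date among years-old system files.
# Older PowerShell versions do not evaluate catalog signatures, so NotSigned
# is a reason to look closer, not a verdict.
$report | Sort-Object View, Path |
    Format-Table Registered, OnDisk, Modified, Size, Company, Signature, Path -AutoSize
```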

13.11.2013, 13:08   #3
Amalia2110
 



Code:
OTL logfile created on: 11/13/2013 12:25:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anja\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 58.79% Memory free
3.49 Gb Paging File | 1.93 Gb Available in Paging File | 55.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 33.85 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.61% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-HP | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/11 18:27:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
PRC - [2013/10/10 19:14:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/10/10 19:14:04 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/10/10 19:14:04 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/01/04 09:28:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/10/01 13:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
PRC - [2007/07/24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/23 21:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2013/01/28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/11/09 17:20:48 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011/11/09 17:20:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 00:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/30 04:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/02/08 19:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/02/04 19:48:28 | 000,199,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2009/11/02 21:11:52 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/11 17:04:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/10 19:14:07 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/10/10 19:14:05 | 001,164,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013/10/10 19:14:04 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/08 21:09:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/01/28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/01/04 09:28:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/01 13:44:58 | 000,280,120 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/10/10 19:14:05 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2013/10/10 19:14:05 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/10/10 19:14:04 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/10/10 19:14:04 | 000,105,856 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/01/04 10:27:50 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/01/04 10:27:50 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/01/04 10:27:49 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/01/04 10:27:48 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 12:43:26 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/09 17:20:51 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/30 07:47:46 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/11 17:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/08/05 00:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 23:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/20 22:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 22:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 22:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 15:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/04 01:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/21 04:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010/05/03 23:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/19 11:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/09 18:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/08 19:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/08 19:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/02/08 19:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/08 19:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/02/08 19:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/11/02 21:12:00 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/12 08:56:50 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/11/16 15:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/04/30 19:19:43 | 000,012,400 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes,DefaultScope = {8C92A092-F416-4AA5-A542-77E5EBA75736}
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=62c3ebff000000000000e02a823e4d52
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{88E53329-7746-4236-941E-982AD23A3C71}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{8C92A092-F416-4AA5-A542-77E5EBA75736}: "URL" = hxxp://searchou.com/?q={searchTerms}&id=62c3ebff000000000000e02a823e4d52&r=368
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\..\SearchScopes\{D7C5183A-7397-4D9C-9B0E-BC8D16744586}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40privitize.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..keyword.URL: "https://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.search.defaultenginename: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2011/10/30 10:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/10/30 10:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/30 10:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/01/04 10:28:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/01/04 10:28:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/01/04 10:28:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/01/04 10:28:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/01/04 10:28:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/03 20:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions
[2013/10/10 21:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\5berzbu4.default\extensions
[2013/04/02 11:11:39 | 000,000,000 | ---D | M] (Privitize.com) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\5berzbu4.default\extensions\ffxtlbr@privitize.com
[2013/10/10 21:43:40 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\firefox\profiles\5berzbu4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/02 11:09:22 | 000,001,378 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\mozilla\firefox\profiles\5berzbu4.default\searchplugins\privitize.xml
[2013/11/11 17:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/11/11 17:04:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://searchou.com/?id=62c3ebff000000000000e02a823e4d52
CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: No name found = C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908183258.dll (McAfee, Inc.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4120671964-2979887947-499652283-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Key error. File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C906C7E-01DD-4307-BB97-BA44FAA178F1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\myrm - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\magnipic\sprote~1.dll) - c:\progra~2\magnipic\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{180be4f9-b3b5-11e0-bd63-e02a823e4d52}\Shell - "" = AutoRun
O33 - MountPoints2\{180be4f9-b3b5-11e0-bd63-e02a823e4d52}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{222fe124-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{222fe124-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{222fe126-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{222fe126-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{222fe14e-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{222fe14e-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{222fe150-e847-11e0-91b6-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{222fe150-e847-11e0-91b6-e02a8249b4ae}\Shell\AutoRun\command - "" = K:\StartVMCLite.exe
O33 - MountPoints2\{427208f8-cd8c-11e0-b1f0-e02a823e4d52}\Shell - "" = AutoRun
O33 - MountPoints2\{427208f8-cd8c-11e0-b1f0-e02a823e4d52}\Shell\AutoRun\command - "" = J:\StartVMCLite.exe
O33 - MountPoints2\{427208fb-cd8c-11e0-b1f0-e02a823e4d52}\Shell - "" = AutoRun
O33 - MountPoints2\{427208fb-cd8c-11e0-b1f0-e02a823e4d52}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{58d8cf7d-a63b-11e0-9b6b-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{58d8cf7d-a63b-11e0-9b6b-e02a8249b4ae}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe
O33 - MountPoints2\{58d8cf7f-a63b-11e0-9b6b-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{58d8cf7f-a63b-11e0-9b6b-e02a8249b4ae}\Shell\AutoRun\command - "" = J:\StartVMCLite.exe
O33 - MountPoints2\{58d8d13c-a63b-11e0-9b6b-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{58d8d13c-a63b-11e0-9b6b-e02a8249b4ae}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{6ba11c07-a93b-11e0-b5b3-e02a823e4d52}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba11c07-a93b-11e0-b5b3-e02a823e4d52}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe
O33 - MountPoints2\{6ba11c09-a93b-11e0-b5b3-e02a823e4d52}\Shell - "" = AutoRun
O33 - MountPoints2\{6ba11c09-a93b-11e0-b5b3-e02a823e4d52}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{7041cde0-7a92-11e1-92b0-6431506b3c61}\Shell - "" = AutoRun
O33 - MountPoints2\{7041cde0-7a92-11e1-92b0-6431506b3c61}\Shell\AutoRun\command - "" = H:\pbsstart.exe
O33 - MountPoints2\{7e0b703e-e902-11e0-919e-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7e0b703e-e902-11e0-919e-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{7e0b7040-e902-11e0-919e-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7e0b7040-e902-11e0-919e-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\{affefa94-300c-11e2-985a-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{affefa94-300c-11e2-985a-e02a8249b4ae}\Shell\AutoRun\command - "" = I:\Windows\StartInstall.exe
O33 - MountPoints2\{e2475866-a18a-11e0-991f-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{e2475866-a18a-11e0-991f-e02a8249b4ae}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe
O33 - MountPoints2\{e2475870-a18a-11e0-991f-e02a8249b4ae}\Shell - "" = AutoRun
O33 - MountPoints2\{e2475870-a18a-11e0-991f-e02a8249b4ae}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\StartVMCLite.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/11 18:27:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2013/11/11 17:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/29 21:17:18 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/29 20:28:34 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Avira
[2013/10/29 20:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/10/29 20:20:30 | 000,083,160 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013/10/29 20:20:30 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013/10/29 20:20:29 | 000,132,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013/10/29 20:20:29 | 000,105,856 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013/10/29 20:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/10/29 20:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/10/29 20:16:54 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/29 20:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/29 20:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/29 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/19 17:26:30 | 000,000,000 | ---D | C] -- C:\Users\Anja\Desktop\19.10.2013
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/13 12:10:20 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 12:09:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 12:09:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 12:02:26 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 12:01:29 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA.job
[2013/11/13 12:01:11 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 11:58:43 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAnja.job
[2013/11/13 11:58:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/11/11 18:27:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe
[2013/11/11 16:31:50 | 000,037,898 | ---- | M] () -- C:\Users\Anja\Desktop\Avira-Fund_2.PNG
[2013/11/11 16:31:20 | 000,039,195 | ---- | M] () -- C:\Users\Anja\Desktop\Avira-Fund_1.PNG
[2013/11/11 16:19:52 | 000,666,762 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/11/11 16:19:52 | 000,625,568 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/11 16:19:52 | 000,135,658 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/11/11 16:19:52 | 000,111,206 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/11 16:19:51 | 001,527,550 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/10/29 22:00:04 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core.job
[2013/10/29 21:12:09 | 000,000,168 | ---- | M] () -- C:\Users\Anja\defogger_reenable
[2013/10/29 20:21:09 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/10/29 20:16:08 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/11 16:31:50 | 000,037,898 | ---- | C] () -- C:\Users\Anja\Desktop\Avira-Fund_2.PNG
[2013/11/11 16:31:19 | 000,039,195 | ---- | C] () -- C:\Users\Anja\Desktop\Avira-Fund_1.PNG
[2013/10/29 21:12:08 | 000,000,168 | ---- | C] () -- C:\Users\Anja\defogger_reenable
[2013/10/29 20:21:09 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/10/29 20:16:08 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/07 11:59:58 | 000,017,408 | ---- | C] () -- C:\Users\Anja\AppData\Local\WebpageIcons.db
[2011/09/03 11:51:21 | 000,003,584 | ---- | C] () -- C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 09:22:02 | 000,007,607 | ---- | C] () -- C:\Users\Anja\AppData\Local\Resmon.ResmonCfg
[2011/07/09 14:25:18 | 000,000,002 | ---- | C] () -- C:\Users\Anja\tenmy.ini
[2011/06/28 14:54:44 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5161FDB657.sys
[2011/06/28 14:54:38 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2011/10/30 12:23:14 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers /64 >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 3
"ProviderFileName0" = C:\windows\SysNative\unimdm.tsp -- [2010/11/20 14:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = C:\windows\SysNative\kmddsp.tsp -- [2009/07/14 02:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = C:\windows\SysNative\ndptsp.tsp -- [2009/07/14 02:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = C:\windows\SysNative\hidphone.tsp -- [2009/07/14 02:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation)
"NumProviders" = 2
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S /64 >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = C:\windows\SysNative\svchost.exe -- [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{58373CDD-8847-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{58373CDD-8847-48CC [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = C:\Windows\SysNative\ntlanman.dll -- [2010/11/20 14:27:23 | 000,129,536 | ---- | M] (Microsoft Corporation)
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\aptwix12w.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S /64 >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = C:\windows\SysNative\svchost.exe -- [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = C:\Windows\SysNative\dnsrslvr.dll -- [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"extension" = C:\Windows\SysNative\dnsext.dll -- [2009/07/14 02:40:31 | 000,008,192 | ---- | M] (Microsoft Corporation)
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
64bit: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010/11/20 13:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009/07/14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /64 >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = C:\windows\SysNative\defragsvc.dll -- [2009/07/14 02:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = C:\windows\SysNative\wersvc.dll -- [2009/07/14 02:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = C:\windows\SysNative\swprv.dll -- [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSfdre [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = C:\windows\SysNative\sdrsvc.dll -- [2010/11/20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = C:\windows\SysNative\WbioSrvc.dll -- [2009/07/14 02:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = C:\windows\SysNative\WcsPlugInService.dll -- [2009/07/14 02:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = C:\windows\SysNative\AxInstSV.dll -- [2010/11/20 14:25:44 | 000,114,688 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = C:\windows\SysNative\bthserv.dll -- [2009/07/14 02:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation)
"PeerDist" = C:\windows\SysNative\PeerDistSvc.dll -- [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation)
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
64bit: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com /64 >
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
 
< %SystemRoot%\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\unimdm.tsp
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %SystemRoot%\system32\*.tsp /64 >
[2009/07/14 02:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\hidphone.tsp
[2009/07/14 02:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\kmddsp.tsp
[2009/07/14 02:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ndptsp.tsp
[2009/07/14 02:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\remotesp.tsp
[2010/11/20 14:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\unimdm.tsp
 
< C:\Windows\system32\*.dll /800 >
[2012/03/04 00:30:43 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll
[2012/11/30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012/11/30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012/11/30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/30 05:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012/11/30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012/11/30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012/11/30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/30 05:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012/11/30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012/11/30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/30 03:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/30 03:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012/11/30 03:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/30 03:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2013/01/28 14:19:28 | 000,021,792 | ---- | M] (TuneUp Software) -- C:\Windows\system32\authuitu.dll
[2012/07/04 22:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012/06/06 06:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012/06/02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012/06/02 05:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2012/08/02 17:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2012/03/11 14:34:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\system32\deployJava1.dll
[2012/10/09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012/10/09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2012/11/02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2012/03/03 06:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2012/03/04 00:30:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2012/03/04 00:30:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2011/10/15 06:38:59 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\EncDec.dll
[2012/12/07 13:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2012/03/04 00:30:44 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2012/03/04 00:30:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2012/03/04 00:30:45 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll
[2012/03/04 00:30:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll
[2012/03/04 00:30:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll
[2012/03/04 00:30:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2012/03/04 00:30:44 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2012/11/14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012/03/04 00:30:45 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2012/03/04 00:30:44 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2012/11/14 02:46:38 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012/03/04 00:30:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2012/03/04 00:30:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2012/11/14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012/03/01 06:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012/03/04 00:30:43 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2012/03/04 00:30:44 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2012/11/14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2012/11/14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2012/11/14 02:51:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012/08/11 00:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012/11/30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012/11/30 05:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2012/03/04 00:30:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2011/09/10 12:17:20 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll
[2012/11/14 02:47:20 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012/03/04 00:30:45 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2012/11/14 03:48:26 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2012/11/14 02:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012/03/04 00:30:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2012/04/07 12:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2012/03/04 00:30:46 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2012/03/04 00:30:45 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2011/12/16 08:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012/11/01 05:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012/11/01 05:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012/11/20 05:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012/10/03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012/07/04 22:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012/10/03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012/10/03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012/01/13 08:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2011/11/17 06:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012/01/04 09:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2012/11/30 03:44:04 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
[2012/03/04 00:30:43 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2011/12/20 22:09:06 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\system32\OpenAL32.dll
[2011/11/19 15:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2012/03/04 00:30:43 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2011/10/26 05:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011/10/26 05:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012/02/17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012/06/02 05:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012/06/02 05:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012/05/05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012/06/02 05:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012/09/25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2012/11/09 05:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2012/02/20 19:01:15 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unicows.dll
[2012/11/14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2012/11/14 02:57:44 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012/11/22 05:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013/01/28 14:19:28 | 000,029,984 | ---- | M] (TuneUp Software) -- C:\Windows\system32\uxtuneup.dll
[2012/11/14 02:48:27 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012/03/04 00:30:44 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2011/11/17 06:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012/11/09 05:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2012/11/14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012/08/24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012/03/01 06:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012/11/30 05:54:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
[2012/12/07 13:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2011/12/20 22:09:07 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\system32\wrap_oal.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< C:\Windows\system32\*.dll /800 /64  >
[2012/03/04 00:30:40 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\admparse.dll
[2011/11/09 17:20:44 | 000,162,816 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\SysNative\AESTAC64.dll
[2011/11/09 17:20:44 | 000,068,608 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\SysNative\AESTAR64.dll
[2011/11/09 17:20:44 | 000,090,624 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\SysNative\AESTCo64.dll
[2011/11/09 17:20:45 | 000,442,368 | ---- | M] (Andrea Electronics Corporation) -- C:\windows\SysNative\AESTEC64.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/30 06:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/30 06:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/11/30 06:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/30 06:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/30 06:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/11/30 06:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/11/30 06:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/30 06:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/11/30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/30 06:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2013/01/28 14:19:28 | 000,026,400 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2012/07/04 23:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\browser.dll
[2012/06/06 07:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/06/02 06:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/02 06:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/06/02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\cryptsvc.dll
[2011/10/26 06:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2012/08/02 18:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/10/09 19:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/10/09 19:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/02 06:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/03/03 07:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/04 00:30:38 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2012/03/04 00:30:38 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2011/10/15 07:31:56 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2012/12/07 14:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2012/03/04 00:30:38 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2012/03/04 00:30:39 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2012/03/04 00:30:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakeng.dll
[2012/03/04 00:30:40 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieaksie.dll
[2012/03/04 00:30:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieakui.dll
[2012/03/04 00:30:38 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2012/03/04 00:30:38 | 000,403,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iedkcs32.dll
[2012/11/14 07:32:33 | 010,925,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieframe.dll
[2012/03/04 00:30:39 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/03/04 00:30:38 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2012/11/14 06:55:45 | 002,144,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2012/03/04 00:30:38 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2012/03/04 00:30:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2012/11/14 06:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/03/01 07:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/03/04 00:30:40 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2012/03/04 00:30:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2012/10/03 18:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iphlpsvc.dll
[2012/11/14 06:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/14 07:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/14 06:59:52 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsproxy.dll
[2012/08/11 01:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\kerberos.dll
[2012/11/30 06:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/11/30 06:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/07/11 17:09:48 | 000,064,856 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\klfphc.dll
[2012/03/04 00:30:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/05/14 06:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2011/11/17 07:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2011/09/10 12:17:17 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msclmd.dll
[2012/11/14 06:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/03/04 00:30:39 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedsbs.dll
[2012/11/14 08:06:18 | 017,811,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtml.dll
[2012/11/14 06:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/03/04 00:30:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2012/04/07 13:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/03/04 00:30:41 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2012/03/04 00:30:40 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2011/12/16 09:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/11/01 06:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msxml3.dll
[2012/11/01 06:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msxml6.dll
[2012/11/20 06:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/10/03 18:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/07/04 23:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/10/03 18:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/10/03 18:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/10/03 18:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\nlaapi.dll
[2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\nlasvc.dll
[2011/11/17 07:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/01/04 11:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/11/30 06:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/03/04 00:30:40 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2011/12/20 22:09:07 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\SysNative\OpenAL32.dll
[2011/11/19 15:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/03/04 00:30:40 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\profsvc.dll
[2011/10/26 06:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2011/10/26 06:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/02/17 07:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/04/26 06:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/04/26 06:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/02 06:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\schannel.dll
[2011/11/17 07:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\shell32.dll
[2012/05/05 09:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2011/11/17 07:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2011/11/17 07:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2011/11/09 17:20:48 | 000,219,648 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\staco64.dll
[2011/11/09 17:20:48 | 000,651,264 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2011/11/09 17:20:49 | 001,484,288 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2011/11/09 17:20:49 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stcplx64.dll
[2011/11/09 17:20:50 | 001,952,256 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stlang64.dll
[2012/09/25 23:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/09 06:45:09 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tzres.dll
[2012/11/14 07:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/14 07:04:44 | 001,346,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\urlmon.dll
[2012/11/22 06:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/28 14:19:28 | 000,037,664 | ---- | M] (TuneUp Software) -- C:\windows\SysNative\uxtuneup.dll
[2012/11/14 06:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/07/26 03:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/03/04 00:30:37 | 000,249,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\webcheck.dll
[2011/11/17 07:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/11/09 06:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/11/14 07:04:11 | 001,392,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wininet.dll
[2012/11/30 06:45:14 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/08/24 19:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/03/01 07:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wmi.dll
[2012/11/30 06:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/11/30 06:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/11/30 06:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/12/07 14:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2011/12/20 22:09:08 | 000,419,840 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2012/06/02 23:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuaueng.dll
[2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/07/26 04:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/07/26 04:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/07/26 04:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WUDFSvc.dll
[2012/07/26 04:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/06/02 23:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/02 23:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/02 14:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll

< End of report >
         

13.11.2013, 13:09   #4
Amalia2110

Avira found Trojan tr/mediyes.gen



Code:
OTL Extras logfile created on: 11/13/2013 12:25:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anja\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 58.79% Memory free
3.49 Gb Paging File | 1.93 Gb Available in Paging File | 55.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 33.85 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.61% Space Free | Partition Type: FAT32
 
Computer Name: ANJA-HP | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
 
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F290B5-2A21-463B-8D1E-36A2D09F3B9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{202CC94E-BAA2-436E-84FE-60B941B53694}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C1596BA-3BF5-4972-AD1E-0644305C9943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2EED468A-264F-4157-88D9-8BA9F5D3A69D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3C7C715A-4E45-41F1-930F-A0C5CC01FF34}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3D4F2FED-263A-4D97-92EA-6C122C491996}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{42374644-01E2-48E1-9FB3-EF6D5FA2A3C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4561761C-CE2B-466C-9DB6-875019F75E4C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4B90A4A5-F904-4384-B0C4-F3F1036F8BA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5352E28B-F85B-4947-B4A6-915B92A95614}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5707A445-ADD8-4E1F-8775-795693DCA41F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{613514E3-4C74-41BB-8260-C34B941ADDFC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6FF03940-3118-4335-BCA8-0AB9B48B2BD3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71DFE1DF-05C5-427B-872B-FE301CFD56F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{72E9B8E2-1528-4045-B71D-52E255A9B05B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{89766A7B-A70A-42B9-AB36-B2E4DA2C9386}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8B74D903-98AF-432E-8ABF-45D92AD5949A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{92620B74-7138-4B48-92FD-BC50550A5436}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A766D9ED-70F4-4650-AC51-1817A63EE599}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A790A5CC-C77D-44E5-A89E-46A052D3FA81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A7CC2045-915A-43B8-B5A0-0323CD607A8B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AFEDCEBE-5DC1-4BC7-AE9A-21C485CE1957}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B6C57689-A42D-45B9-A147-B58C81442974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BB56EDC2-F936-4C1D-9F93-C8892BC71EAC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BCCA7193-2080-4592-9779-F3A50570D725}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF381C1C-4E9D-4AEA-9185-463A5C029604}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D7C80C3F-5F79-4E70-A6EC-7F235F56464F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA34FFAE-7762-415B-A278-D833DAEC93E7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ED3F2E95-EC20-430C-8788-CCEB583A3AFC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F4DE6A41-314D-4F1D-99E5-3949318A70E6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F5A21057-4992-4F8B-83D4-1AE81AF6CFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F96EEA9B-86FF-4D70-B6BF-A3606E0DEFD6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FD84B071-55FD-4E60-9F5D-F43F9F7500AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E693E-0417-4A4D-84A5-084123313AA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0584BC5C-DF01-4DDB-8113-039FD7C3164A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{09E3CADF-CCB3-48C4-8F40-F9E7C0A17AEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0C6DA667-D8EC-4372-88F9-D37FFCF2B48F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1BCD0E2B-794B-4ABD-847C-D028153BCD49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2475D38F-B246-4152-A851-DC406486DFA4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2583831D-E856-482D-94EC-4F1A34BE1B46}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{2B11CC13-89AF-4006-BBF6-E1A12536F55E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{369983DD-098F-423E-A97B-7F309D259F59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{386EADFC-CAEC-4ECC-B651-B18DCCE0A5DB}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{46D0EF7B-885B-41E4-8176-B28219303B64}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{485833CD-FC72-4E81-87C8-100232321529}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4CDCA744-0558-4473-9230-BF86D93595A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4D89A9E7-4BCD-4C43-84ED-7A0BA1D0C535}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{5389E858-9EB1-4C7E-B4A1-A9C82845B9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{55E886F3-B076-4A79-A385-48B393239DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{567D2CB5-5AFB-4B5A-92B2-98B4D04C181C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{576AC4F5-3D73-4324-B53B-32698FF9560D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CF79173-1B2B-4C7B-9CD0-6486921DDF3A}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{5D0D977B-4A57-4BF7-A5DD-AEDC903477FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{614B0678-B9E2-4BF0-878D-133B30128992}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\s2gs.exe | 
"{6F0B21AF-9413-41D7-98B3-270751BA3163}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{73108004-D51A-4F66-887B-20ED05257C22}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7F0DDC1F-FE4A-4B37-84E9-6225D2FE8FA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{875F34C4-C198-4AA4-A2C6-C78FB4C8ED1B}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{921D4A79-0D32-41ED-AEDE-A6B5431D1073}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9AE0509F-E5A5-4D2C-A889-75C095C89AA5}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{9E4098DE-814C-495C-8D12-0F04649462E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9F97BABA-D871-40D3-AD23-76B9AA8B6644}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A3991CAA-4718-496A-9322-5E63B8A5026B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{AB27AD43-4205-4735-8958-FF04B898D3A2}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\sacred 2 - gold\system\sacred2.exe | 
"{AC131E8B-CCB3-420D-BCA3-B101CDC8BBBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AD68E832-B46C-42FC-A634-328E631540CE}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{B1C13CDB-97D8-4769-84DF-C99CE621606A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B27D279D-2456-4165-8A26-35B407EF8A0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B70F397F-7BF1-40AD-8304-6A459D61ECD6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{BABC365D-EFE8-414C-8CAF-4CDA4D815C0A}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{BB02632D-01D7-4523-B7DE-54962AD9F1BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BB8C726B-A7B7-43CD-9060-1F041006FE78}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{C080501B-BAB3-4B72-8E88-A02415BA51C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C598A1D4-4384-414A-B7B7-792DF6EA7AA0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{C5B956F8-E433-486F-975E-68CFAC58F0FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C6AE27A2-FD30-4883-905A-6749BAD8B1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{CF0C13AB-10F2-461E-87A7-A483665282F2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D0E60413-66D2-48A2-953C-370BB4D272B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D29E1FE1-64FB-408A-95F3-2B2E02E5FF37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D7FED0FA-D751-425F-8FA5-5392B79BED49}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{DAC4CDD9-2EC8-42D1-B19C-3A694578F77D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DADCAA3F-1EDC-4771-BC5E-A45B6D73FFC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDCBE5A4-7C25-4B46-9708-974B443E8472}" = protocol=6 | dir=out | app=system | 
"{DE79EB63-58B2-4AEE-A478-64AA111C6F62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E1C74745-911F-4166-A48E-6EBF331E3E9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7BA1B45-D623-460B-B8B6-1EE4066F489C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E9A93F81-E427-4B9E-922A-6E125B09ED65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ED054555-0EF1-411C-9421-EDA4899C57F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EE150EB8-0F12-480C-BEF6-66D0CA54F47B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EF549622-DB15-41F6-8C85-91E9DD05640F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F2D483A3-7B16-442A-8C34-FC912968F525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC114A6B-4D3B-4F48-BE2C-E011F19AF70D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014C6C60-4916-48F7-916E-E8048E12E9F1}" = HP HotKey Support
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}" = MagniPic
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25E02664-2308-4DF4-BE71-7D982F6C1BCA}" = TV Star
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = Die Sims™ Inselgeschichten
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = Die Sims - Hokus Pokus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.9.0 "Legend"
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4F08198-5C84-4CDE-AE58-65506600C130}" = WinFunktion Mathematik plus 18
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5C1E5E2-11A5-4905-ACC6-6DDD5E3B7705}" = Visual C++ 8.0 x64 Runtime Setup Package
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E882771E-1C12-4E8C-99B6-E1B58DFCCFB2}" = FreeStyle Auto-Assist
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEE83A6D-7E16-ECAB-D10F-0B5813D2799E}" = Application Profiles
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Mozilla Firefox 25.0 (x86 de)" = Mozilla Firefox 25.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVS" = McAfee Virus and Spyware Protection Service
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"Security Task Manager" = Security Task Manager 1.8d
"SP_008a99b9" = 
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"UltraStar" = UltraStar 0.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ExpressFiles" = ExpressFiles
"Google Chrome" = Google Chrome
"Zip Uncompressor" = Zip Uncompressor
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/7/2012 4:20:19 PM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bca54  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x16c8  Startzeit der fehlerhaften Anwendung: 0x01cd74da0f02dec4
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 4e0dd139-e0cd-11e1-8783-e02a8249b4ae
 
Error - 8/9/2012 3:32:44 PM | Computer Name = Anja-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 7
 
Error - 8/9/2012 3:32:54 PM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmiprvse.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79d42  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xd6c  Startzeit der fehlerhaften Anwendung: 0x01cd7665bf5ad351
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\wbem\wmiprvse.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 03345d48-e259-11e1-9bed-6431506b3c61
 
Error - 8/10/2012 10:46:04 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79d2c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x1700  Startzeit der fehlerhaften Anwendung: 0x01cd7706dc5a3a0f
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\taskeng.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 1ba4f45e-e2fa-11e1-9bed-6431506b3c61
 
Error - 8/12/2012 10:11:37 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: defrag.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc4f7  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x11c4  Startzeit der fehlerhaften Anwendung: 0x01cd7894613e6bca
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\defrag.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: a0598a94-e487-11e1-9bed-6431506b3c61
 
Error - 8/14/2012 3:57:49 PM | Computer Name = Anja-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 7
 
Error - 8/18/2012 5:37:02 AM | Computer Name = Anja-HP | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 7
 
Error - 8/18/2012 5:37:16 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79e79  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0xb0  Startzeit der fehlerhaften Anwendung: 0x01cd7d250cdab294
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\consent.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 4b58b68c-e918-11e1-87fa-e02a8249b4ae
 
Error - 8/18/2012 6:01:32 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vssvc.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7998d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x7d0  Startzeit der fehlerhaften Anwendung: 0x01cd7d2870a7e296
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\vssvc.exe  Pfad des fehlerhaften 
Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: afb4b91e-e91b-11e1-87fa-e02a8249b4ae
 
Error - 8/18/2012 7:17:15 AM | Computer Name = Anja-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SCHTASKS.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79da3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a
ID
 des fehlerhaften Prozesses: 0x67c  Startzeit der fehlerhaften Anwendung: 0x01cd7d33052a3a27
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\SCHTASKS.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 43574f56-e926-11e1-87fa-e02a8249b4ae
 
[ Hewlett-Packard Events ]
Error - 9/27/2012 11:03:46 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/31/2012 11:01:50 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/31/2012 11:01:59 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 10/31/2012 11:03:01 AM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/8/2012 5:11:09 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/8/2012 5:13:40 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/8/2012 5:13:41 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/15/2012 6:23:20 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/15/2012 6:24:35 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/15/2012 6:24:47 PM | Computer Name = Anja-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 12/29/2012 2:58:59 PM | Computer Name = Anja-HP | Source = CaslWmi | ID = 5
Description = 2012.12.29 19:58:58.946|00000E94|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007041d.
 
Error - 12/29/2012 3:00:00 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.29 20:00:00.278|00000E94|Error      |[CaslSmBios]hpSMBIOS::D{bool(byte[]&)}|Aufruf
 wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
 
Error - 12/29/2012 3:03:29 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.29 20:03:29.396|00000E94|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007041d.
 
Error - 12/29/2012 3:07:01 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.29 20:07:01.198|00000E94|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007041d.
 
Error - 12/29/2012 3:08:01 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.29 20:08:01.367|00000E94|Error      |a::a{hpCasl.enReturnCode()}|Registering
 for SmartAdapter.PluggedIn Failed. RetCode: e_GENERAL_EXCEPTION
 
Error - 12/30/2012 8:49:31 AM | Computer Name = Anja-HP | Source = CaslWmi | ID = 5
Description = 2012.12.30 13:49:31.587|00000BCC|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Die COM-Klassenfactory für die Komponente
 mit CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} konnte aufgrund des folgenden 
Fehlers nicht abgerufen werden: 8007041d.
 
Error - 12/30/2012 8:50:32 AM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5
Description = 2012.12.30 13:50:32.926|00000BCC|Error      |[CaslSmBios]hpSMBIOS::D{bool(byte[]&)}|Aufruf
 wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
 
Error - 3/15/2013 2:30:10 PM | Computer Name = Anja-HP | Source = CaslSmBios | ID = 5
Description = 2013.03.15 19:30:10.285|000011B8|Error      |[CaslWmi]CommandSmartAdapter::GetSmartAdapterStatusFromBIOS{hpCasl.enReturnCode(bool&,int&)}|Error
 597 from BIOS WMI call Read/0Fh while getting SmartAdapter state
 
[ HP Wireless Assistant Events ]
Error - 3/21/2013 3:42:17 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 4/4/2013 5:57:01 AM | Computer Name = Anja-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Fehler in der Anwendung.    bei HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     bei HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 4/4/2013 5:57:29 AM | Computer Name = Anja-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 4/19/2013 3:54:59 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 5/11/2013 7:19:33 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 5/11/2013 7:20:15 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 6/18/2013 8:50:48 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean
 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 
System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei
 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 7/8/2013 5:30:30 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 8/7/2013 5:29:14 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 8/15/2013 2:37:44 AM | Computer Name = Anja-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    bei HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     bei HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
[ Media Center Events ]
Error - 8/9/2013 6:07:23 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 12:07:22 - Fehler beim Herstellen der Internetverbindung.  12:07:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/12/2013 7:46:28 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 13:46:26 - Fehler beim Herstellen der Internetverbindung.  13:46:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/12/2013 8:49:40 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 14:49:36 - Fehler beim Herstellen der Internetverbindung.  14:49:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/17/2013 2:25:01 PM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 20:25:00 - Fehler beim Herstellen der Internetverbindung.  20:25:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/19/2013 5:59:13 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 11:59:12 - Fehler beim Herstellen der Internetverbindung.  11:59:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/19/2013 6:59:31 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 12:59:30 - Fehler beim Herstellen der Internetverbindung.  12:59:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/19/2013 7:59:46 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 13:59:45 - Fehler beim Herstellen der Internetverbindung.  13:59:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 8/24/2013 4:44:27 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 10:44:21 - Fehler beim Herstellen der Internetverbindung.  10:44:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/1/2013 4:30:40 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 10:30:39 - Fehler beim Herstellen der Internetverbindung.  10:30:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 9/16/2013 9:13:01 AM | Computer Name = Anja-HP | Source = MCUpdate | ID = 0
Description = 15:12:40 - Fehler beim Herstellen der Internetverbindung.  15:12:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%126
 
Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%126
 
Error - 11/13/2013 7:58:20 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1062
 
Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%126
 
Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%126
 
Error - 11/13/2013 7:58:28 AM | Computer Name = Anja-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1062
 
 
< End of report >
         

Alt 13.11.2013, 17:08   #5
M-K-D-B
/// TB-Ausbilder
 



Hi,



there are still remnants of Mediyes on your computer. You are also still infected with adware and unwanted software. We'll take care of it:




Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:services
Update-Service

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 

:Commands
[emptytemp]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.





Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).





Step 3

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later) please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






Step 4
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







With your next reply, please post
  • the log file of the OTL fix,
  • the log file from AdwCleaner,
  • the log file from JRT,
  • the log file from MBAM.
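
Added example (not part of the original post and not OTL's own code): the `:reg` block in Step 1 writes `ServiceDll` as a `hex(2)` (REG_EXPAND_SZ) value, and the Python below decodes such a value so the path being written can be read and compared before a fix is applied. The function names and the expected default path `%SystemRoot%\System32\wkssvc.dll` are assumptions of this example.

```python
import re

# Value exactly as posted in the :reg block of the OTL fix (.reg syntax;
# a trailing "\" continues the byte list on the next line).
POSTED_VALUE = r'''"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00'''

# Assumption of this example: stock Windows path of the Workstation service DLL.
EXPECTED_DEFAULT = r"%SystemRoot%\System32\wkssvc.dll"

# Accepts the .reg form ("name"=hex(2):...) and the OTL log form ("name"|hex(2):...).
_HEX2 = re.compile(
    r'"(?P<name>[^"]+)"\s*[=|]\s*hex\(2\):(?P<data>[0-9a-fA-F,\s\\]+)'
)


def parse_hex2(text):
    """Return (value_name, raw_bytes) for the first hex(2) value in text."""
    match = _HEX2.search(text)
    if match is None:
        raise ValueError("no hex(2) value found")
    # Drop line continuations and whitespace, then split the byte list.
    data = re.sub(r"[\s\\]", "", match.group("data"))
    tokens = [tok for tok in data.split(",") if tok]
    if any(len(tok) != 2 for tok in tokens):
        raise ValueError("malformed byte in hex(2) list")
    return match.group("name"), bytes(int(tok, 16) for tok in tokens)


def decode_expand_sz(raw):
    """Decode REG_EXPAND_SZ data: UTF-16LE text ending in one NUL character."""
    if len(raw) % 2:
        raise ValueError("odd byte count, not valid UTF-16LE")
    text = raw.decode("utf-16-le")
    if not text.endswith("\x00"):
        raise ValueError("missing NUL terminator")
    text = text[:-1]
    if "\x00" in text:
        raise ValueError("embedded NUL hides part of the value")
    return text


def encode_expand_sz(path):
    """Inverse of decode_expand_sz; used here to build constructed samples."""
    return ",".join(f"{b:02x}" for b in (path + "\x00").encode("utf-16-le"))


def check_service_dll(text, expected=EXPECTED_DEFAULT):
    """Decode a ServiceDll hex(2) value and compare it with the expected path."""
    name, raw = parse_hex2(text)
    path = decode_expand_sz(raw)
    matches = name.lower() == "servicedll" and path.lower() == expected.lower()
    return {"name": name, "path": path, "matches_default": matches}


if __name__ == "__main__":
    print(check_service_dll(POSTED_VALUE))
    # Constructed sample (not from the thread): a value naming a different file.
    other = '"ServiceDll"=hex(2):' + encode_expand_sz(
        r"%SystemRoot%\System32\constructed-example.dll"
    )
    print(check_service_dll(other))
```
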


Alt 13.11.2013, 19:49   #6
Amalia2110
 



Log file of the OTL fix

Code:
ATTFilter
All processes killed
========== SERVICES/DRIVERS ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anja
->Temp folder emptied: 602429813 bytes
->Temporary Internet Files folder emptied: 19498868 bytes
->Java cache emptied: 9482767 bytes
->FireFox cache emptied: 415826057 bytes
->Google Chrome cache emptied: 407134986 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 101301 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 575906434 bytes
->Temporary Internet Files folder emptied: 2084150 bytes
->FireFox cache emptied: 6734463 bytes
->Flash cache emptied: 56914 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 114000 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 195727466 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36046003 bytes
RecycleBin emptied: 677744 bytes
 
Total Files Cleaned = 2,167.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11132013_185649

Files\Folders moved on Reboot...
C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Log file from AdwCleaner

Code:
ATTFilter
# AdwCleaner v3.012 - Bericht erstellt am 13/11/2013 um 19:21:14
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Anja - ANJA-HP
# Gestartet von : C:\Users\Anja\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BabylonUpdater
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\clsoft ltd
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\RightClick
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\Program Files (x86)\ExpressFiles
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\MagniPic
Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Anja\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Anja\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com
Ordner Gelöscht : C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Datei Gelöscht : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mj-studio_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mj-studio_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DataMngr
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\magnipic\sprote~1.dll

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16457

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\prefs.js ]

Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\i0d523rf.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v

[ Datei : C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12452 octets] - [13/11/2013 19:18:35]
AdwCleaner[S0].txt - [11457 octets] - [13/11/2013 19:21:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11518 octets] ##########
         
JRT log file

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Anja on 13.11.2013 at 19:46:05,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C92A092-F416-4AA5-A542-77E5EBA75736}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Anja\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{5DE21FF4-D4B1-4005-9D13-51EFECD5C8DE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{5DFC34D1-5332-4D35-B01E-B519CE065DC7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{5E8E5462-F35B-4D6E-B323-49F816B34DC2}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{5E95A085-A4E5-47CC-8CD3-63E2D2D1F5F6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{5F9DE22F-4F56-49B4-9A67-2ACA33AD46EC}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6025237B-4640-4830-B159-910AA829E4D7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{60843916-5A7C-4A9D-994A-8AF91616682E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{60A3205F-2958-4FE9-A1B1-8C3BE36A74BB}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{60E5903E-D839-45A7-B4A1-DE1ED34BF8A8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{610AC13E-486B-4439-96C5-581EA2CCE366}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{617F8FAA-ED28-4373-8F49-CE45E77CFC2D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{61EA97CE-A996-4FAB-B4E0-2E494434E121}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{620E3953-BBD3-46B2-A60C-E625B006B01F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{620FD506-8CAE-4827-A768-19276C6BC4F5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{623F8014-22DC-4381-82AD-C1FD3814EAD1}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{62E7EBA2-81AB-4D7B-A2C8-E856A58C083F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{633C6661-00C6-4AF9-886D-1CF589EEDD83}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6383DE01-85CB-4F55-AEE5-AD77DEB175A1}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6408E3BA-D4AC-4236-B6D1-C064AC640C8B}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{648923EB-D518-4069-B73E-38EA52CB6D14}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{649A784E-7771-4FC1-96EE-A9D503494BE5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{64CC9BC5-EA4D-46E9-9707-30A74B43F84A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{64FAB5A5-B530-4C1D-BF50-E6E59BE53C9F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{65274363-E427-4E9F-A0F6-C345C5407438}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{65281517-2F45-47A4-AC51-9B1A4DA503E0}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6569EE07-DB9D-469E-8488-F4C7AC4EA01F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6591A5E4-28CB-4F8A-B8D2-8BE673ACEA5D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{66044FC4-D4E2-4D8C-A2E5-F10EACC75540}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{66BBA867-8D1D-49B8-9728-DEBD2432B7AB}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{68155A39-EF81-4FF4-B933-806B599C5349}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6857306C-E639-4733-B4D2-D7F9CF447FD9}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{685C963D-4D0E-400E-858E-0B0C6F5E1D0C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{68964A28-940B-486A-A79B-4E413F2C4478}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{68B14E25-8FEC-4BF9-9EFD-378C316D8AF8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{68EDEA77-E119-4B5D-B19C-7BFA8BE37AF6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6B048CDF-C7E2-4235-B35B-9E29821E6387}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6C370CD6-FB7C-4A74-8CBB-DB6DB2173705}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6D5BB3E9-6E8D-4E96-BCB3-EA079ACA3187}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6D8B6FAF-52DB-49B9-81ED-9CFE0544FAD0}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6DB61388-5A72-45FD-8415-1151109563C9}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6E37BF22-4638-41A6-A446-E2ADDEA301DC}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6E82952E-2B3A-433F-91F6-A2DC1AC340D3}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{6FE6297E-2AB6-4D18-AC58-2FD0E85613AA}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{701193DE-678F-4344-B331-755950B352D4}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{71279DAF-305A-43AB-8069-3B4A17682602}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{715E7C03-4568-4BD7-ADF6-70D13D81F91F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{71EC5862-0DF7-4831-A74C-12517B2915E6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{72260607-8893-4B07-973A-BE503D625896}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7239CA03-328B-467A-A583-513107943C41}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{72719D26-3A44-4294-81B6-4C8780618061}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{72B44920-2FE5-4104-BE67-30A85666DA38}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{732DC3A2-64B3-4AE2-BBAD-A13CCA645707}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{73EDA30E-CE0B-4250-9778-BF82EE634FF6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{73F1E4E0-D65F-4D08-B7F9-7A6905133D78}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{742708BF-8A9E-4B39-991E-69A1EE258613}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{74912D82-F165-46D9-AECC-DA6E12480E0D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{74AC72E3-D8A2-488B-961D-975F41DC6898}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{74F7ABEF-A163-478A-A3AA-67F965155CAD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7550652E-0B3A-4EA9-BF03-EABC04E7E33E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7583E8B4-6941-47A5-91AB-75C7E4A1B67D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{76E14521-E387-4932-B549-AEFEABF29E3C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{76E4AE6B-9B4F-4332-9E53-4A43717727BC}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{776C3A52-F8E1-41A8-A134-D4376D8CE6FE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{77CC68C8-2E1F-425B-B932-55FABEECED55}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{77E1153F-E571-4797-8FB4-EDE7C9D4C7DD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7808CDE8-5945-49FA-822A-533F054CCD5C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{78100C14-18E2-476A-8E36-EAB0CE0377F7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{782EE0AC-AF77-4501-B629-04F4C99C603E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7903CC78-74E8-45A1-8ABF-EBB46D0E72D8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{79AB7159-68DE-4C56-8E54-105AA5B5499D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7B44C855-318D-431D-94E9-D777A2B38928}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7B7CFB81-45D8-4B52-A796-AEEDF94DA913}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7C5B3FA5-9EB0-437D-A34E-7CBE8D5157AB}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7C7BC9A3-78AF-440C-ACFA-3B79F868C12F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7CA2D2BE-19E2-453E-A0E9-4CABC1BDD694}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7CE1DE73-CC93-495B-8A62-FD7AC1BB2EB3}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7CF4203D-CF17-4E41-81FA-AF831C4DACD1}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7D65B5FD-E638-46A4-8753-BB31B7FDFD76}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7D73A490-529E-4DA3-9DF5-030F932DF1B8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7DA653A8-A47F-4408-8366-02E43B448708}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7DB431C5-EDC4-45F9-BCF3-86F98D217791}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7E5491CD-8AE7-43CD-9B5D-7F1FC843AAC0}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7E7E9B65-DF7E-42F0-9DA1-7924F4A31351}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7EA07514-74A2-428A-AD4C-38E1C6A41CF6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7EA956D7-005C-4E39-A644-5540349B7172}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7EBD5BB4-CDB4-4655-A1D5-16091E267232}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7ED462F6-F6ED-4A79-B72D-F49BE3D4E610}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7F7D9F9D-8C04-4016-9457-0263A73D740A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7FC5143C-E51C-4F36-9B8C-935CBA97CBD2}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{7FC5F9B9-4F29-4E1B-8154-D1A8B68956F6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{80A7F7B9-145C-4D43-81FF-0E667CBEAA6F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{80D859FA-0377-4E8F-AF2B-D0E77B33D90A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8160E0E3-CC14-4D4A-89A4-D9C9217F8831}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{818B2490-2054-4683-A9D7-7659593B034D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{819A2821-331F-433D-ACC6-9C00CB571ED2}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{81C3A667-5BC5-4ABB-B1C6-058B41BEAA8C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{81E114A0-1DE7-4387-B80E-CF4EA82F7316}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{82554106-3C2F-47F1-AC96-FE41FD2ABFC2}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{825A8288-F13B-4430-BB74-93D980E94E6C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{82BFB72D-3D52-4E4D-A033-0F7EE2C41D00}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8498D211-0AE5-4B93-A083-8D872E041EBA}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{84DF3EAC-4574-40EF-81FA-85FB40596912}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{85650BFF-A31A-4AAC-BC52-A4747AC77319}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8574DC71-3C05-4AF4-94A7-215809EF5F82}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{863D93BE-6865-42E8-BD7D-541145735436}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{86556902-A465-483F-BC98-65F8D4CF2DDE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8751AF76-D61C-49B1-9A5C-A1F71736AE40}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{87565F96-BA3D-4186-B56A-AA2C2B9F38A9}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8971ED47-1188-41F1-8A44-B51A552CE029}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{89D26E1B-C315-4C9F-92AC-62644972371E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8A5AC2A6-7F80-4840-AFE5-2E72FDA21A14}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8B734D42-CD2F-455E-920E-284C069604BA}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8BA24BF9-F031-4A2E-9676-EECB7A817E93}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8C88B55A-363B-454F-918A-5831F6FC69F8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8CAF0D4E-20AF-41A7-89DF-1F1F140FB02B}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8D68F275-5392-41CA-98F1-BCBD11EE4CF0}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8DA06D37-0B0A-48CB-829A-6F064DB70CE7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8DA62BA4-D426-4AA0-B876-746241642880}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8DB3B168-6616-49D2-AB3F-45C4A1ABA6C5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8DDD12FD-E156-42E0-94BB-413554AC5429}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8DF43BC9-EEE1-446A-9D5B-BCF9D0D3DCEA}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8E08A987-9738-4B8A-956B-2ADBE12FB660}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8E1B6190-8495-429E-BFBD-828AC000E89C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8E63A92C-850F-4D3C-8AE6-075926DFE058}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8EC8141A-148A-4F44-8FEE-664B86DC9769}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8EEDF908-2785-4058-87F9-6F756FEF8515}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8F77CE25-B7BE-4B66-8BC9-325AB20037BE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8F787935-3EE0-4F03-98E6-7FFC048307AA}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{8F8BB9B7-9026-4C1C-BEFF-70BC366DF50D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{902B6170-FDBA-427C-A38B-CA77AB764694}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{905BCD13-65C3-4506-B544-4D1911A6DC7E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{90664843-102F-4BA3-8212-2A989072E73D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9096A005-A78B-4D24-97AC-73E807CC69AC}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{918FB3A7-B759-499A-B7BD-F3B52365D7D1}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{924B8F7E-ADA9-4DC1-BD19-ED8730A68783}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9297A23E-7A17-4C14-9589-72C6C41D3008}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{929BCC0B-3512-4AD1-B1EF-629C5E80FD96}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{92ADED59-8C98-47C6-9847-7A5D5E414ED9}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93753F91-DF0B-48DF-AE0B-91142B4DE14D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93858B89-D40F-4C05-82AB-D6DE98D7A781}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93C13575-9C05-434E-890B-3E3CA746AD19}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{93CE7780-3265-4B91-9B9D-C6D0BCF3FABB}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9432D393-B663-41ED-91FC-04BF40FD4BFA}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{946EDEA5-5A9E-4217-8E09-975803C5610B}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{961CC196-A1EE-4A6A-A8EC-FD3064126198}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96599C35-5E0E-4C0F-9B4A-290F9CFC1EA8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{966D2B2F-1D2A-42F1-AEF8-5CC7A4BF2858}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96A0071A-12E6-4CFA-9D03-BC12B6CDC55A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96E0FF46-9143-45FE-9F39-E35B428DCFC1}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{96F8DE14-FAA6-4F32-9429-88852FC91439}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9746DCE9-F335-445D-BCAF-F8D2F476B5DF}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{97A1120D-C99E-4598-977F-838AF3BBEAE8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{97A48E15-5580-4E66-9C83-AA0C92CDC36D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{97DABED2-EC0F-4632-87A4-4F652446B816}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{97DFFEBB-B862-419D-8D4B-526BD0F3E5C5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{984DF10F-3139-4CD0-95DD-76270F661129}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{997F46C8-2DB0-4162-AF6C-AD27EB26F7A6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9A50CC3F-8F70-4DC1-AC35-02C6621F77E2}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9AD05902-1A3E-4C71-AEC6-3B8074194794}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9AEF0853-7CA4-405F-A549-6BAB98CBFBE5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9B5CCB2D-55CB-4619-83AE-6E25A5393848}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9B9690E9-AE6E-4E8A-88CD-5C07D1EAA807}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BA20F36-E6AB-4D54-B245-3BF4EF899072}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BBDB8BE-ADD2-4DFB-983C-001C8D0D65C8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BC38920-22D5-4C80-8A9A-C833E5203745}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BEB70A3-C98D-462F-94FA-0586A9D2CF52}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9BFA521A-76DE-4894-BED5-068D53DCFFAE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9C2183AD-2307-4627-9C1A-8D73EDAA572B}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9C66E84B-FE22-41D5-9F02-08CD70DCF016}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9C81DF49-D574-4135-AE91-0806A89CE0B6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9D5F02A4-861F-44DA-9C2B-EB0B32699F47}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9DF9EDD1-B036-4C88-823B-7ED2B5F63A10}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9E4185BE-F574-4BF7-BAA9-677163CD5EB8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9E5DA368-C101-4543-8131-E10CE9BAC305}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9E8894AE-B217-44C1-A745-E888FE499BE7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EA63F34-F5D9-4117-8597-35DF555145C6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EE23DD7-3787-4B9A-BCC2-8E2F5F0409A8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EE5D4C9-38A6-4F0B-8262-0CFC6BF7D369}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9EFDDED9-CCA3-4EA7-977A-411268C9ECB7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{9F508FDA-D722-4AA7-8A80-8A9F4B6E7111}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A059DCF3-F53B-4FE8-9C2C-45BA52AC95FE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A07E77E7-F27F-46AF-8A59-078E38F275E7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A0804CE2-BB42-405F-95A9-21F08A29B84C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A16D81E7-D15B-4988-8F4F-78594F998EAD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A1D79073-07D5-4F39-B0E9-030A5ACA4742}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A1E89F35-8C8F-46AC-A2AA-A7024409DB21}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A22A9BF2-4ED6-48EC-B82A-3FE030D9FBC3}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A27CACC7-DE4E-4C51-A98A-FB360AA2963A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A2866FD2-4FA6-4A66-AEFA-5C2EA9FCF1A5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A3018F9D-8BC0-4B67-88D5-AB0DDDF00A34}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A366BBFB-19FE-4B35-98FE-2CE8DE672A66}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A391697E-F240-40EB-BD0F-1EBE87BBB32B}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A3A63358-41C7-4673-8CFA-CD7CF6ACCF6E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A3CD8793-2DC7-4281-AFB2-E32961774216}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A400FBEE-0781-422A-9503-61F274213727}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A4DF34B7-5382-4BC7-9DBC-6E54D508E87C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A55D6178-81E2-4720-81DD-F45BD9F551B8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A5BB18EC-B9A9-42FB-922F-E3C5D7927AF7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A6926EB7-FC1B-457E-BEC8-A1F8C6A2577A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A6B70E0D-8FB1-4664-AD46-E3368926B617}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A6C719B8-FE01-405F-9E9B-3B3B790F8C9F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A72272F5-1547-406B-AFBC-12A3AE604EED}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A75FD6C2-7F8F-4D55-B5BC-FA5F64B0C8F7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A786A4EE-502B-47DB-95DE-9812EE42F882}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A7A2B1F8-5FC2-48D5-86B3-9B3B47FE507D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A8113341-9151-430F-A5AB-C3BEAADC3173}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A869AF50-B78E-437A-BF76-62E3EEEE4C48}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A8B34496-B62C-4ABF-B2D6-4B5162CABEDC}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A8E610FC-ED6F-4306-9D37-67521D554662}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A9971C8C-FCB4-439B-BA61-DF57879B7463}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{A9C7AE72-4260-48FA-93DD-DD4D9A601EBD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AA3AAEC5-BEA4-4932-ADD5-9E1FEABBF8BE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AA65164C-67BA-4CD1-9973-749C2FFBEC12}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AB04498C-ECAC-4EF4-A4C7-D6878F65D7B8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AB0AB631-2F02-4AEE-92AB-CAFE7AFB03DD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AB85EFDB-A1C8-425E-B1D7-1A3E9DB75CE9}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AD03CA33-0F89-48F4-A4BC-5C3E86AE364B}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AD51D4F3-955C-42BD-8198-71FEA249D367}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{ADEBA2B6-4A8B-4934-80F8-417EB4C7C430}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AE2ED5C1-5F6C-49D2-853B-100A95EF0930}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AE612A59-1F87-4D99-97AB-AE0D8A8B2C12}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AE824F95-03B0-48FD-8A70-442C48274C4F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AEF03A84-4780-40AF-A802-E80BB208D24A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{AFDDD416-6F9A-4224-B252-A6FBAF980C87}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B0D2C3C5-C1DC-44AD-A87F-602261F56647}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B0D4A45B-072F-4D51-A7E1-7ABC43097A14}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2431322-625D-497C-84A4-9258EFD5BFF8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2717228-F3FA-49CB-887D-6E5EF6A322C7}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B29C2DCF-FE3E-4DF7-A282-AA1693FDD266}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2BAB039-3E7A-4599-B940-E7CA648FACD4}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2CF853C-E442-4B27-BF0D-04FE97056464}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2DD219E-9744-48BC-8CB0-949ACBD6C435}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2EC07AF-CE3E-400F-9876-3408F5035C65}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B2F572E1-A0F3-475C-A9F7-5774F7B65889}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B30BCD61-8F63-40A3-A9D5-0E029BCD46EC}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B36F1962-CCB7-4D7D-B13A-FB13AB7E2AB6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B375EAAB-D7A0-4A93-898E-3BD73C06E344}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B3D9127B-E317-478E-9A64-D455B89E7FFD}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B41C9C93-7E92-4C7A-9915-A7D9884C8C60}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B49542EE-ED6D-4EF0-B241-B5F35012C7E8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B4F58925-DF72-48B1-9516-4419F69459A5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B553C0A9-80CB-422E-B107-739571D11A68}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B5A86B83-133E-41BF-98C7-E8BD4D79281F}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B617CB14-F776-4AFA-B830-0ECC5F8989BC}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B61CF9F5-B398-4B3B-BE25-20AD67464B8A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B6CF4BBF-980E-4C70-97ED-359CF64A69F1}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B76282A9-B0AF-4044-BD3F-8CD9FE55FC83}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B7D164D1-B320-4164-B689-6CBBBAD856D3}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B8AEDF83-7EE9-4A9C-95FB-F5E42108A0C5}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B8E0B8BB-301B-4095-8BEA-56E93ADF5550}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B8E2D615-B861-469A-B0A2-B49205AD6232}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B9335A49-CCD4-4C3B-944B-6E9595C427C0}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{B93D408B-1CAB-494E-BDCA-C25BA1C0937D}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BA6C5763-76BE-4B9D-81F9-2A0AF4A4FDF8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BA89C3CE-14A5-4AA2-B2C8-955C4F2B951A}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BAE64349-8E1C-4331-9B7B-6ECB2CBD1729}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BAF80117-DDB0-43D8-A59F-656CD94E0ADF}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BB1F4439-F53E-4B45-9C85-D6E5EE4C93E8}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BB76B79F-1FC3-4021-A43E-FF9801942FBE}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BB8BFF4F-6803-49E5-BB1A-FA7968A7FE8E}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BC779EAA-8F7E-483E-9D18-5713106EA182}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BCA8F5DD-3F8E-4EB0-A511-D7D1863504BB}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BCE2B4A0-C26E-4AEC-82BC-9449B14F3D78}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BCF4E29E-5FB5-451D-BE02-56C9EA91AC0C}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BD6C6292-5464-4464-83FF-382979328BF6}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BD9C02FF-DF2B-4A6D-A6E3-0CBBDB111559}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BDE84F83-7350-452B-9519-3D08389395FA}
Successfully deleted: [Empty Folder] C:\Users\Anja\appdata\local\{BE4711A5-C4F8-439A-B34E-60BF2FDFC1F9}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Anja\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.11.2013 at 20:00:06,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
MBAM log file

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anja :: ANJA-HP [Administrator]

13.11.2013 20:09:13
mbam-log-2013-11-13 (20-09-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228442
Laufzeit: 15 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anja\Downloads\petz_5_full_version_free_downloader_de_99028.exe (PUP.Optional.GoForFiles.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 14.11.2013, 16:12   #7
M-K-D-B
/// TB-Ausbilder
 



Hello,

We will track down the last remnants so that we can remove them later:

Step 1
Control scan with FRST
Run a scan with FRST as described before.
To do so, tick the Addition.txt checkbox at the bottom right and click Scan.
Two log files will be created again. Post them for me.

Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool on the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    *Babylon*
    *clsoft ltd*
    *ICQToolbar*
    *RightClick*
    *Media Finder*
    *ICQ6Toolbar*
    *MagniPic*
    *yourfiledownloader*
    *Ilivid*
    *OpenCandy*
    *facemoods*
    *privitize*
    *Searchqu*
    *Softonic*
    *DataMngr*
    
    :folderfind
    *Babylon*
    *clsoft ltd*
    *ICQToolbar*
    *RightClick*
    *Media Finder*
    *ICQ6Toolbar*
    *MagniPic*
    *yourfiledownloader*
    *Ilivid*
    *OpenCandy*
    *facemoods*
    *privitize*
    *Searchqu*
    *Softonic*
    *DataMngr*
    
    :regfind
    Babylon
    clsoft ltd
    ICQToolbar
    RightClick
    Media Finder
    ICQ6Toolbar
    MagniPic
    yourfiledownloader
    Ilivid
    OpenCandy
    facemoods
    privitize
    Searchqu
    Softonic
    DataMngr
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

Are there still any problems with malware? If so, which ones?
How is the computer running at the moment?

With your next reply, please post
  • the two FRST log files,
  • the SystemLook log file,
  • your answers to the questions asked.

Alt 16.11.2013, 09:36   #8
Amalia2110
 



FRST files

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Anja (administrator) on ANJA-HP on 15-11-2013 22:08:46
Running from C:\Users\Anja\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\windows\system32\atibtmon.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe
(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-10] (Google Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-02] (SUPERAntiSpyware)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
MountPoints2: G - G:\Start.exe
MountPoints2: I - I:\StartVMCLite.exe
MountPoints2: K - K:\StartVMCLite.exe
MountPoints2: {180be4f9-b3b5-11e0-bd63-e02a823e4d52} - D:\Autorun.exe
MountPoints2: {222fe124-e847-11e0-91b6-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {222fe126-e847-11e0-91b6-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {222fe14e-e847-11e0-91b6-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {222fe150-e847-11e0-91b6-e02a8249b4ae} - K:\StartVMCLite.exe
MountPoints2: {427208f8-cd8c-11e0-b1f0-e02a823e4d52} - J:\StartVMCLite.exe
MountPoints2: {427208fb-cd8c-11e0-b1f0-e02a823e4d52} - I:\StartVMCLite.exe
MountPoints2: {58d8cf7d-a63b-11e0-9b6b-e02a8249b4ae} - D:\StartVMCLite.exe
MountPoints2: {58d8cf7f-a63b-11e0-9b6b-e02a8249b4ae} - J:\StartVMCLite.exe
MountPoints2: {58d8d13c-a63b-11e0-9b6b-e02a8249b4ae} - E:\Autorun.exe
MountPoints2: {6ba11c07-a93b-11e0-b5b3-e02a823e4d52} - D:\StartVMCLite.exe
MountPoints2: {6ba11c09-a93b-11e0-b5b3-e02a823e4d52} - I:\StartVMCLite.exe
MountPoints2: {7041cde0-7a92-11e1-92b0-6431506b3c61} - H:\pbsstart.exe
MountPoints2: {7e0b703e-e902-11e0-919e-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {7e0b7040-e902-11e0-919e-e02a8249b4ae} - I:\StartVMCLite.exe
MountPoints2: {affefa94-300c-11e2-985a-e02a8249b4ae} - I:\Windows\StartInstall.exe
MountPoints2: {e2475866-a18a-11e0-991f-e02a8249b4ae} - D:\StartVMCLite.exe
MountPoints2: {e2475870-a18a-11e0-991f-e02a8249b4ae} - D:\StartVMCLite.exe
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-04] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\Gast\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Gast\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\Gast\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\Gast\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
AppInit_DLLs:    [0 ] ()
Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {88E53329-7746-4236-941E-982AD23A3C71} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908183258.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -  No File
Handler-x32: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: https://www.google.de/
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anja\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\searchplugins\privitize.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF Extension: No Name - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: No Name - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Safe Money) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0
CHR Extension: (Anti-Banner) - C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Anja\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-04] (Kaspersky Lab ZAO)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-02-04] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2010-02-08] (McAfee, Inc.)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [282824 2010-02-17] (McAfee, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2012-01-18] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-01-04] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2013-01-04] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2013-01-04] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2013-01-04] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121760 2010-02-08] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-02-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [527592 2010-02-08] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94224 2010-02-08] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [280008 2010-02-08] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12400 2012-04-30] (Macrovision Europe Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-08-13] (Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 22:08 - 2013-11-15 22:11 - 00020715 _____ C:\Users\Anja\Downloads\FRST.txt
2013-11-15 22:03 - 2013-11-15 22:04 - 01957794 _____ (Farbar) C:\Users\Anja\Downloads\FRST64.exe
2013-11-15 19:51 - 2013-11-15 19:51 - 00015581 _____ C:\Users\Anja\Desktop\Nachtrag.ods
2013-11-15 15:43 - 2013-11-15 15:43 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-11-15 15:40 - 2013-11-15 15:40 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk
2013-11-15 15:32 - 2013-11-15 15:32 - 00003046 _____ C:\windows\System32\Tasks\{755B076A-C28C-4BE3-A000-452A4D9791AA}
2013-11-15 14:44 - 2013-11-15 14:44 - 00002282 _____ C:\Users\Public\Desktop\Die Sims™ 3 Diesel Accessoires.lnk
2013-11-15 14:01 - 2013-11-15 14:01 - 00002292 _____ C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
2013-11-15 13:54 - 2013-11-15 13:54 - 00002256 _____ C:\Users\Public\Desktop\Die Sims™ 3 Luxus-Accessoires.lnk
2013-11-15 13:38 - 2013-11-15 13:38 - 00002346 _____ C:\Users\Public\Desktop\Die Sims™ 3 Design-Garten-Accessoires.lnk
2013-11-15 13:27 - 2013-11-15 13:27 - 00002318 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumsuite-Accessoires.lnk
2013-11-15 13:14 - 2013-11-15 13:14 - 00002274 _____ C:\Users\Public\Desktop\Die Sims™ 3 Stadt-Accessoires.lnk
2013-11-15 13:05 - 2013-11-15 13:05 - 00002246 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-11-15 12:46 - 2013-11-15 12:46 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
2013-11-15 12:29 - 2013-11-15 12:29 - 00002264 _____ C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
2013-11-14 22:10 - 2013-11-14 22:10 - 00002192 _____ C:\Users\Public\Desktop\Die Sims™ 3 Showtime.lnk
2013-11-14 21:25 - 2013-11-14 21:25 - 00002210 _____ C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
2013-11-14 21:00 - 2013-11-14 21:00 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
2013-11-14 20:29 - 2013-11-14 20:29 - 00002086 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-11-13 20:06 - 2013-11-13 20:06 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-13 20:05 - 2013-11-13 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 20:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-13 20:04 - 2013-11-13 20:04 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-13 20:00 - 2013-11-13 20:00 - 00075181 _____ C:\Users\Anja\Desktop\JRT.txt
2013-11-13 19:45 - 2013-11-13 19:45 - 00000000 ____D C:\windows\ERUNT
2013-11-13 19:43 - 2013-11-13 19:43 - 01034531 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-11-13 19:16 - 2013-11-13 19:21 - 00000000 ____D C:\AdwCleaner
2013-11-13 19:15 - 2013-11-13 19:16 - 01085542 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-11-13 19:11 - 2013-11-13 19:12 - 00001069 _____ C:\Users\Anja\Desktop\SRWare Iron.lnk
2013-11-13 19:11 - 2013-11-13 19:11 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2013-11-13 18:56 - 2013-11-13 18:56 - 00000000 ____D C:\_OTL
2013-11-13 18:51 - 2013-11-13 18:51 - 00001004 _____ C:\Users\Public\Desktop\SRWare Iron.lnk
2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Users\Anja\AppData\Local\Chromium
2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Program Files (x86)\SRWare Iron
2013-11-13 18:50 - 2013-11-13 18:50 - 30706620 _____ (SRWare                                                      ) C:\Users\Anja\Downloads\srware_iron.exe
2013-11-13 18:47 - 2013-11-13 18:47 - 00000966 _____ C:\Users\Anja\Desktop\Continue Zip Extractor Installation.lnk
2013-11-13 18:32 - 2013-11-13 18:32 - 00000000 ____D C:\Users\Anja\AppData\Roaming\TP
2013-11-13 12:59 - 2013-11-13 12:59 - 00100712 _____ C:\Users\Anja\Desktop\Extras.Txt
2013-11-13 12:56 - 2013-11-13 12:56 - 00194440 _____ C:\Users\Anja\Desktop\OTL.Txt
2013-11-11 18:27 - 2013-11-11 18:27 - 00602112 _____ (OldTimer Tools) C:\Users\Anja\Desktop\OTL.exe
2013-11-11 17:03 - 2013-11-13 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 16:32 - 2013-11-11 16:32 - 00001362 _____ C:\Users\Anja\Desktop\quarantaene.txt
2013-10-29 22:21 - 2013-10-29 21:28 - 00032697 _____ C:\Users\Anja\Desktop\FRST_29-10-2013_21-28-06.txt
2013-10-29 22:21 - 2013-10-29 21:28 - 00029935 _____ C:\Users\Anja\Desktop\Addition.txt
2013-10-29 22:15 - 2013-10-29 22:15 - 00001202 _____ C:\Users\Anja\Desktop\Gmer.txt
2013-10-29 21:39 - 2013-10-29 21:40 - 00377856 _____ C:\Users\Anja\Downloads\gmer_2.1.19163.exe
2013-10-29 21:25 - 2013-10-29 21:28 - 00030958 _____ C:\Users\Anja\Downloads\Addition.txt
2013-10-29 21:17 - 2013-10-29 21:17 - 00000000 ____D C:\FRST
2013-10-29 21:12 - 2013-10-29 21:12 - 00000540 _____ C:\Users\Anja\Downloads\defogger_disable.log
2013-10-29 21:12 - 2013-10-29 21:12 - 00000168 ____C C:\Users\Anja\defogger_reenable
2013-10-29 21:09 - 2013-10-29 21:12 - 00050477 _____ C:\Users\Anja\Downloads\Defogger.exe
2013-10-29 20:28 - 2013-10-29 20:28 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Avira
2013-10-29 20:21 - 2013-10-29 20:21 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\ProgramData\Avira
2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-29 20:20 - 2013-10-10 19:14 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-10-29 20:20 - 2013-10-10 19:14 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-10-29 20:20 - 2013-10-10 19:14 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-10-29 20:20 - 2013-10-10 19:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-10-29 20:16 - 2013-10-29 20:16 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-29 20:16 - 2013-10-29 20:16 - 00000000 ____D C:\Users\Anja\AppData\Roaming\SUPERAntiSpyware.com
2013-10-29 20:15 - 2013-10-29 20:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-29 20:15 - 2013-10-29 20:15 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-29 20:09 - 2013-10-29 20:09 - 27866848 _____ (SUPERAntiSpyware) C:\Users\Anja\Downloads\SUPERAntiSpyware.exe
2013-10-29 20:08 - 2013-10-29 20:09 - 123853152 _____ C:\Users\Anja\Downloads\avira_free_antivirus_de.exe
2013-10-19 17:26 - 2013-10-19 19:20 - 00000000 ____D C:\Users\Anja\Desktop\19.10.2013

==================== One Month Modified Files and Folders =======

2013-11-15 22:11 - 2013-11-15 22:08 - 00020715 _____ C:\Users\Anja\Downloads\FRST.txt
2013-11-15 22:08 - 2013-03-09 13:11 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-15 22:04 - 2013-11-15 22:03 - 01957794 _____ (Farbar) C:\Users\Anja\Downloads\FRST64.exe
2013-11-15 22:01 - 2012-03-18 17:42 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 22:00 - 2011-10-10 18:52 - 00001116 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA.job
2013-11-15 22:00 - 2011-10-10 18:52 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core.job
2013-11-15 21:55 - 2010-11-30 07:36 - 02014866 _____ C:\windows\WindowsUpdate.log
2013-11-15 21:54 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 21:54 - 2009-07-14 05:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 21:47 - 2012-05-07 11:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-15 21:44 - 2012-03-18 17:42 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 21:43 - 2013-04-04 12:35 - 00036261 _____ C:\windows\setupact.log
2013-11-15 21:43 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-15 19:51 - 2013-11-15 19:51 - 00015581 _____ C:\Users\Anja\Desktop\Nachtrag.ods
2013-11-15 19:34 - 2011-07-04 20:17 - 00000000 ____D C:\Users\Anja\AppData\Roaming\uTorrent
2013-11-15 19:28 - 2011-07-04 20:22 - 00000000 ____D C:\Users\Anja\Downloads\The Sims 2 Seasons
2013-11-15 19:03 - 2013-04-05 19:23 - 00187178 _____ C:\windows\PFRO.log
2013-11-15 15:49 - 2013-04-18 17:10 - 00000000 ____D C:\Users\Anja\Documents\Electronic Arts
2013-11-15 15:47 - 2011-08-13 12:02 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Origin
2013-11-15 15:47 - 2011-08-13 11:59 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-15 15:43 - 2013-11-15 15:43 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2013-11-15 15:43 - 2013-06-21 21:35 - 00001092 _____ C:\windows\KB893803v2.log
2013-11-15 15:43 - 2011-08-13 12:00 - 00000000 ____D C:\ProgramData\Origin
2013-11-15 15:40 - 2013-11-15 15:40 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Jahreszeiten.lnk
2013-11-15 15:37 - 2011-07-08 09:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-11-15 15:37 - 2010-09-09 01:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-15 15:32 - 2013-11-15 15:32 - 00003046 _____ C:\windows\System32\Tasks\{755B076A-C28C-4BE3-A000-452A4D9791AA}
2013-11-15 14:44 - 2013-11-15 14:44 - 00002282 _____ C:\Users\Public\Desktop\Die Sims™ 3 Diesel Accessoires.lnk
2013-11-15 14:01 - 2013-11-15 14:01 - 00002292 _____ C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
2013-11-15 13:54 - 2013-11-15 13:54 - 00002256 _____ C:\Users\Public\Desktop\Die Sims™ 3 Luxus-Accessoires.lnk
2013-11-15 13:38 - 2013-11-15 13:38 - 00002346 _____ C:\Users\Public\Desktop\Die Sims™ 3 Design-Garten-Accessoires.lnk
2013-11-15 13:27 - 2013-11-15 13:27 - 00002318 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumsuite-Accessoires.lnk
2013-11-15 13:14 - 2013-11-15 13:14 - 00002274 _____ C:\Users\Public\Desktop\Die Sims™ 3 Stadt-Accessoires.lnk
2013-11-15 13:05 - 2013-11-15 13:05 - 00002246 _____ C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk
2013-11-15 12:46 - 2013-11-15 12:46 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Lebensfreude.lnk
2013-11-15 12:29 - 2013-11-15 12:29 - 00002264 _____ C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk
2013-11-14 22:10 - 2013-11-14 22:10 - 00002192 _____ C:\Users\Public\Desktop\Die Sims™ 3 Showtime.lnk
2013-11-14 21:25 - 2013-11-14 21:25 - 00002210 _____ C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
2013-11-14 21:00 - 2013-11-14 21:00 - 00002228 _____ C:\Users\Public\Desktop\Die Sims™ 3 Reiseabenteuer.lnk
2013-11-14 20:29 - 2013-11-14 20:29 - 00002086 _____ C:\Users\Public\Desktop\Die*Sims™*3.lnk
2013-11-13 20:06 - 2013-11-13 20:06 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-13 20:05 - 2013-11-13 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 20:05 - 2013-11-13 20:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-13 20:04 - 2013-11-13 20:04 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Anja\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-13 20:00 - 2013-11-13 20:00 - 00075181 _____ C:\Users\Anja\Desktop\JRT.txt
2013-11-13 19:45 - 2013-11-13 19:45 - 00000000 ____D C:\windows\ERUNT
2013-11-13 19:43 - 2013-11-13 19:43 - 01034531 _____ (Thisisu) C:\Users\Anja\Desktop\JRT.exe
2013-11-13 19:21 - 2013-11-13 19:16 - 00000000 ____D C:\AdwCleaner
2013-11-13 19:21 - 2011-06-30 19:28 - 00000000 ____D C:\ProgramData\ICQ
2013-11-13 19:16 - 2013-11-13 19:15 - 01085542 _____ C:\Users\Anja\Desktop\adwcleaner.exe
2013-11-13 19:12 - 2013-11-13 19:11 - 00001069 _____ C:\Users\Anja\Desktop\SRWare Iron.lnk
2013-11-13 19:11 - 2013-11-13 19:11 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2013-11-13 18:56 - 2013-11-13 18:56 - 00000000 ____D C:\_OTL
2013-11-13 18:51 - 2013-11-13 18:51 - 00001004 _____ C:\Users\Public\Desktop\SRWare Iron.lnk
2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Users\Anja\AppData\Local\Chromium
2013-11-13 18:51 - 2013-11-13 18:51 - 00000000 ____D C:\Program Files (x86)\SRWare Iron
2013-11-13 18:50 - 2013-11-13 18:50 - 30706620 _____ (SRWare                                                      ) C:\Users\Anja\Downloads\srware_iron.exe
2013-11-13 18:47 - 2013-11-13 18:47 - 00000966 _____ C:\Users\Anja\Desktop\Continue Zip Extractor Installation.lnk
2013-11-13 18:32 - 2013-11-13 18:32 - 00000000 ____D C:\Users\Anja\AppData\Roaming\TP
2013-11-13 18:24 - 2013-11-11 17:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 12:59 - 2013-11-13 12:59 - 00100712 _____ C:\Users\Anja\Desktop\Extras.Txt
2013-11-13 12:56 - 2013-11-13 12:56 - 00194440 _____ C:\Users\Anja\Desktop\OTL.Txt
2013-11-13 11:58 - 2013-06-05 22:53 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForAnja.job
2013-11-11 18:32 - 2013-06-05 22:53 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForAnja
2013-11-11 18:27 - 2013-11-11 18:27 - 00602112 _____ (OldTimer Tools) C:\Users\Anja\Desktop\OTL.exe
2013-11-11 16:32 - 2013-11-11 16:32 - 00001362 _____ C:\Users\Anja\Desktop\quarantaene.txt
2013-11-11 16:19 - 2010-09-09 01:21 - 00666762 _____ C:\windows\system32\perfh007.dat
2013-11-11 16:19 - 2010-09-09 01:21 - 00135658 _____ C:\windows\system32\perfc007.dat
2013-11-11 16:19 - 2009-07-14 06:13 - 01527550 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-29 22:15 - 2013-10-29 22:15 - 00001202 _____ C:\Users\Anja\Desktop\Gmer.txt
2013-10-29 21:40 - 2013-10-29 21:39 - 00377856 _____ C:\Users\Anja\Downloads\gmer_2.1.19163.exe
2013-10-29 21:28 - 2013-10-29 22:21 - 00032697 _____ C:\Users\Anja\Desktop\FRST_29-10-2013_21-28-06.txt
2013-10-29 21:28 - 2013-10-29 22:21 - 00029935 _____ C:\Users\Anja\Desktop\Addition.txt
2013-10-29 21:28 - 2013-10-29 21:25 - 00030958 _____ C:\Users\Anja\Downloads\Addition.txt
2013-10-29 21:17 - 2013-10-29 21:17 - 00000000 ____D C:\FRST
2013-10-29 21:12 - 2013-10-29 21:12 - 00000540 _____ C:\Users\Anja\Downloads\defogger_disable.log
2013-10-29 21:12 - 2013-10-29 21:12 - 00000168 ____C C:\Users\Anja\defogger_reenable
2013-10-29 21:12 - 2013-10-29 21:09 - 00050477 _____ C:\Users\Anja\Downloads\Defogger.exe
2013-10-29 21:12 - 2011-06-28 14:38 - 00000000 ___DC C:\Users\Anja
2013-10-29 20:39 - 2013-10-29 20:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-29 20:29 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-29 20:28 - 2013-10-29 20:28 - 00000000 ____D C:\Users\Anja\AppData\Roaming\Avira
2013-10-29 20:21 - 2013-10-29 20:21 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\ProgramData\Avira
2013-10-29 20:20 - 2013-10-29 20:20 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-29 20:16 - 2013-10-29 20:16 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-29 20:16 - 2013-10-29 20:16 - 00000000 ____D C:\Users\Anja\AppData\Roaming\SUPERAntiSpyware.com
2013-10-29 20:15 - 2013-10-29 20:15 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-29 20:09 - 2013-10-29 20:09 - 27866848 _____ (SUPERAntiSpyware) C:\Users\Anja\Downloads\SUPERAntiSpyware.exe
2013-10-29 20:09 - 2013-10-29 20:08 - 123853152 _____ C:\Users\Anja\Downloads\avira_free_antivirus_de.exe
2013-10-19 19:20 - 2013-10-19 17:26 - 00000000 ____D C:\Users\Anja\Desktop\19.10.2013
2013-10-19 10:56 - 2012-03-18 17:42 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-19 10:56 - 2012-03-18 17:42 - 00003850 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Anja\AppData\Local\Temp\avgnt.exe
C:\Users\Anja\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-13 12:51

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Anja at 2013-11-15 22:12:48
Running from C:\Users\Anja\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: McAfee® Total Protection™ Service (Disabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee® Total Protection™ Service (Disabled - Out of date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee® Total Protection™ Service (Disabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.0.0)
Adobe Acrobat 5.0 (x32 Version: 5.0)
Adobe AIR (x32 Version: 2.7.0.19530)
Adobe Download Assistant (x32 Version: 1.0.2)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
AION Free-to-Play (x32)
Application Profiles (x32 Version: 2.0.4182.33919)
ATI Catalyst Install Manager (Version: 3.0.778.0)
Avira Free Antivirus (x32 Version: 14.0.0.411)
Bing Bar Platform (x32 Version: 6.0.2237.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Broadcom 2070 Bluetooth 3.0 (Version: 6.3.0.6300)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center InstallProxy (x32 Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (x32 Version: 2010.0805.358.5180)
CCC Help Chinese Standard (x32 Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (x32 Version: 2010.0805.0357.5180)
CCC Help Czech (x32 Version: 2010.0805.0357.5180)
CCC Help Danish (x32 Version: 2010.0805.0357.5180)
CCC Help Dutch (x32 Version: 2010.0805.0357.5180)
CCC Help English (x32 Version: 2010.0805.0357.5180)
CCC Help Finnish (x32 Version: 2010.0805.0357.5180)
CCC Help French (x32 Version: 2010.0805.0357.5180)
CCC Help German (x32 Version: 2010.0805.0357.5180)
CCC Help Greek (x32 Version: 2010.0805.0357.5180)
CCC Help Hungarian (x32 Version: 2010.0805.0357.5180)
CCC Help Italian (x32 Version: 2010.0805.0357.5180)
CCC Help Japanese (x32 Version: 2010.0805.0357.5180)
CCC Help Korean (x32 Version: 2010.0805.0357.5180)
CCC Help Norwegian (x32 Version: 2010.0805.0357.5180)
CCC Help Polish (x32 Version: 2010.0805.0357.5180)
CCC Help Portuguese (x32 Version: 2010.0805.0357.5180)
CCC Help Russian (x32 Version: 2010.0805.0357.5180)
CCC Help Spanish (x32 Version: 2010.0805.0357.5180)
CCC Help Swedish (x32 Version: 2010.0805.0357.5180)
CCC Help Thai (x32 Version: 2010.0805.0357.5180)
CCC Help Turkish (x32 Version: 2010.0805.0357.5180)
ccc-core-static (x32 Version: 2010.0805.358.5180)
ccc-utility64 (Version: 2010.0805.358.5180)
Corel Home Office - CS Templates (x32 Version: 5.6.5)
Corel Home Office - CT Templates (x32 Version: 5.6.5)
Corel Home Office - IPM (x32 Version: 5.6.5)
Corel Home Office - JP Templates (x32 Version: 5.6.5)
Corel Home Office - KR Templates (x32 Version: 5.6.5)
Corel Home Office - Launcher (x32 Version: 5.6.5)
Corel Home Office - Templates RU (x32 Version: 5.6.5)
Corel Home Office - Templates1 (x32 Version: 5.6.5)
Corel Home Office (x32 Version: 5.0.87.621)
Corel Home Office (x32 Version: 5.6.5)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
Die Sims - Hokus Pokus (x32)
Die Sims 2 (x32)
Die Sims 2: Family Fun - Accessoires (x32)
Die Sims 2: Nightlife (x32)
Die Sims 2: Open For Business (x32)
Die Sims 2: Wilde Campus-Jahre (x32)
Die Sims™ 2 Apartment-Leben (x32)
Die Sims™ 2 Freizeit-Spaß (x32)
Die Sims™ 2 Gute Reise (x32)
Die Sims™ 2 H&M®-Fashion-Accessoires (x32)
Die Sims™ 2 Haustiere (x32)
Die Sims™ 2 IKEA® Home-Accessoires (x32)
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (x32)
Die Sims™ 2 Party-Accessoires (x32)
Die Sims™ 2 Teen Style-Accessoires (x32)
Die Sims™ 2: Glamour-Accessoires (x32)
Die Sims™ 3 (x32 Version: 1.42.130)
Die Sims™ 3 Design-Garten-Accessoires (x32 Version: 7.0.55)
Die Sims™ 3 Diesel Accessoires (x32 Version: 14.0.48)
Die Sims™ 3 Einfach tierisch (x32 Version: 10.0.96)
Die Sims™ 3 Gib Gas-Accessoires (x32 Version: 5.0.44)
Die Sims™ 3 Jahreszeiten (x32 Version: 16.0.136)
Die Sims™ 3 Late Night (x32 Version: 6.0.81)
Die Sims™ 3 Lebensfreude (x32 Version: 8.0.152)
Die Sims™ 3 Luxus-Accessoires (x32 Version: 3.0.38)
Die Sims™ 3 Reiseabenteuer (x32 Version: 2.0.86)
Die Sims™ 3 Showtime (x32 Version: 12.0.273)
Die Sims™ 3 Stadt-Accessoires (x32 Version: 9.0.73)
Die Sims™ 3 Traumkarrieren (x32 Version: 4.0.87)
Die Sims™ 3 Traumsuite-Accessoires (x32 Version: 11.0.84)
Die Sims™ Inselgeschichten (x32)
Die Sims™ Lebensgeschichten (x32)
Energy Star Digital Logo (x32 Version: 1.0.1)
Formelrechner (x32 Version: 1.00.0000)
FreeStyle Auto-Assist (x32)
Gameforge Live 1.9.0 "Legend" (x32 Version: 1.9.0)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)
HP Documentation (x32 Version: 1.5.1.0)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.8.1)
HP HotKey Support (Version: 4.0.3.1)
HP Setup (x32 Version: 8.2.4130.3367)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0)
HP Software Framework (x32 Version: 4.0.51.1)
HP Software Setup (x32 Version: 7.0.1.6)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (x32 Version: 1.0.25.0)
HP Webcam Driver (x32 Version: 6.1.7600.0049)
HP Wireless Assistant (Version: 4.0.6.0)
IDT Audio (x32 Version: 1.0.6300.0)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
LightScribe System Software (x32 Version: 1.18.22.2)
LSI HDA Modem (Version: 2.2.98)
MagniPic (Version: 1.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Browser Protection Service (x32 Version: 5.1.0.325)
McAfee Firewall Protection Service (x32 Version: 5.1.0.325)
McAfee Virus and Spyware Protection Service (x32 Version: 5.1.0.325)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Norton Online Backup (x32 Version: 2.0.0.34)
NVIDIA PhysX (x32 Version: 9.09.0209)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 9.0.14.2148)
PDF Complete Special Edition (x32 Version: 3.5.117)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011)
Roxio Activation Module (x32 Version: 1.0)
Roxio Creator Audio (x32 Version: 3.8.0)
Roxio Creator Business (x32 Version: 10.3.56.21)
Roxio Creator Business v10 (x32 Version: 3.8.0)
Roxio Creator Copy (x32 Version: 3.8.0)
Roxio Creator Data (x32 Version: 3.8.0)
Roxio Creator Tools (x32 Version: 3.8.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Sacred 2 (x32 Version: 2.64.0.0)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Task Manager 1.8d (x32 Version: 1.8d)
Skype™ 5.10 (x32 Version: 5.10.116)
SRWare Iron Version SRWare Iron 30.0.1650.0 (x32 Version: SRWare Iron 30.0.1650.0)
Stronghold Kingdoms (x32 Version: 1.17)
SUPERAntiSpyware (Version: 5.6.1040)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
The Sims™ 2 Seasons (x32)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2)
TV Star (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visual C++ 8.0 x64 Runtime Setup Package (x32 Version: 1.0.0.0)
Visual C++ 8.0 x86 Runtime Setup Package (x32 Version: 1.0.0.0)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Vodafone Mobile Connect Lite (x32 Version: 3.1.2.104)
Windows 7 Default Setting (x32 Version: 1.0.1.7)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinFunktion Mathematik plus 18 (x32 Version: 18.00.0000)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Zip Uncompressor (HKCU)

==================== Restore Points  =========================

16-10-2013 13:16:31 Windows-Sicherung
29-10-2013 18:39:32 Windows-Sicherung
11-11-2013 15:18:18 Windows-Sicherung
13-11-2013 11:30:20 OTL Restore Point - 11/13/2013 12:30:11 PM
13-11-2013 17:31:50 Microsoft Office 2010 wird entfernt
14-11-2013 18:32:02 Entfernt TheSims3EP5
14-11-2013 18:34:25 Entfernt The Sims 3 Ambitions
14-11-2013 18:36:50 Entfernt The Sims 3 World Adventures
14-11-2013 18:39:44 Entfernt TheSims3EP4
14-11-2013 18:42:27 Entfernt The Sims 3 Outdoor Living Stuff
14-11-2013 18:44:14 Entfernt The Sims 3
14-11-2013 19:05:40 Installiert The Sims 3
14-11-2013 19:40:22 Installiert The Sims 3
14-11-2013 19:43:30 Installiert The Sims 3 World Adventures
14-11-2013 20:09:25 Installiert The Sims 3
14-11-2013 20:13:47 Installiert The Sims 3 Late Night
14-11-2013 20:48:38 Installiert The Sims 3
14-11-2013 21:00:58 Installiert TheSims3EP6
15-11-2013 11:18:41 Installiert TheSims3EP5
15-11-2013 11:42:01 Installiert TheSims3EP4
15-11-2013 11:53:54 Installiert The Sims 3 Ambitions
15-11-2013 12:13:01 Installiert The Sims 3 Town Life Stuff
15-11-2013 12:26:10 Installiert The Sims 3 Master Suite Stuff
15-11-2013 12:34:38 Installiert The Sims 3 Outdoor Living Stuff
15-11-2013 12:57:12 Installiert The Sims 3 Fast Lane Stuff
15-11-2013 13:31:23 Installiert The Sims 3
15-11-2013 13:41:17 Installiert TheSims3SP7
15-11-2013 14:14:12 Installiert The Sims 3
15-11-2013 14:36:30 Installiert TheSims3EP8

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00BBE578-02EA-4170-8082-C9E9A13407F7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {0C164CE7-2C9C-4517-8560-8C328C9BDD55} - System32\Tasks\{7C087477-233F-4856-848B-8238E3BC9D7B} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {17208F38-122B-483A-9D20-08B479C7AFC8} - System32\Tasks\{E478E215-2332-44D7-8214-B689062655D2} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {23813C25-50BA-4BD8-93D7-F8C4FFE76B87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {37E6F48E-6DCD-43D0-BD1F-657C44D53A20} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-18] (Google Inc.)
Task: {46FD326B-210A-44E3-87DA-1F936B250194} - System32\Tasks\{6398D677-A4E7-4EC6-94AA-0D195C409D29} => C:\Program Files (x86)\Firefly Studios\Stronghold Kingdoms\StrongholdKingdoms.exe [2012-09-17] (Firefly Studios)
Task: {48DAEF78-7972-406E-83AF-FCC45AB3D7E9} - System32\Tasks\{82745B83-E239-4108-92E0-DC155CD2A401} => C:\Users\Anja\Downloads\The Sims 2 - Apartment Life\The Sims 2 - Apartment Life.part01\Crack\Sims2EP8.exe [2008-08-26] (Maxis, a division of Electronic Arts Inc.)
Task: {4D44BF8E-2C06-4482-BA84-1A0E9217FBAF} - System32\Tasks\{D41EF7B7-BEE5-473B-BB66-38D04C65F0D3} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {4F47ED4E-E934-443D-8C28-3CF0D74ACF39} - System32\Tasks\{97036323-4394-493E-B652-D8F59621E349} => C:\Program Files (x86)\Firefly Studios\Stronghold Kingdoms\StrongholdKingdoms.exe [2012-09-17] (Firefly Studios)
Task: {506FAD33-EBF3-406B-A9AF-2755E1DE46B8} - System32\Tasks\{7FB44E24-E216-4994-A15D-A0041D141767} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {56BE1CC2-FB75-46DF-B5B7-6BA147A37DE2} - System32\Tasks\{0220A7DA-D894-44FF-987C-3ED23B67B793} => C:\Program Files (x86)\Firefly Studios\Stronghold Kingdoms\StrongholdKingdoms.exe [2012-09-17] (Firefly Studios)
Task: {64BDE0EA-A22F-47C4-9F5F-5091B71B1926} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {6AD9A9F0-8B6C-48D7-9974-7AC57EA450F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6C972B18-2075-4C92-906A-CEBAD35DFE41} - System32\Tasks\{AC50EEF0-54CE-4FFC-8F89-5882D05390FF} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {7C8347CF-AA15-491C-852C-77F676F56161} - System32\Tasks\{465D559C-3427-4B19-B42A-C143A9CC84B9} => C:\Users\Anja\Downloads\The Sims 2 - Apartment Life\The Sims 2 - Apartment Life.part01\Crack\Sims2EP8.exe [2008-08-26] (Maxis, a division of Electronic Arts Inc.)
Task: {7E03F50F-6D2B-498A-8B0F-355D5E918793} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {88DEA2E5-BFF0-4888-83BC-EBE5AAB937F8} - System32\Tasks\{EF9407A3-1D1C-40B6-A64E-B8165A0069A5} => C:\Program Files (x86)\KaraFun\KaraFun.exe
Task: {8A10AFC1-682F-442D-8BCE-734ED2AC7CF9} - System32\Tasks\{F84D1C96-27B2-41E8-9D1B-88ABF4714C71} => C:\Program Files (x86)\KaraFun\KaraFun.exe
Task: {A3E2E909-F446-48CB-AB8B-BA1EC52BF399} - System32\Tasks\{B4903DAC-9DED-4C22-978C-BAB8456F4A4A} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {A76C0736-7593-4188-B1D3-35CB36F92FB5} - System32\Tasks\{34B7E4F2-F51F-45C4-AB64-06BD704EF80C} => C:\Program Files (x86)\EA GAMES\Die Sims 2 Apartment-Leben\TSBin\Sims2Launcher.exe [2008-07-26] (Electronic Arts)
Task: {B60FE59D-DE03-4730-A3E6-5F18212FC04B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-18] (Google Inc.)
Task: {B9A7D412-0283-4DBF-B01B-895F7071F6C3} - System32\Tasks\HPCeeScheduleForAnja => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {C409806D-A69E-49E9-B1AE-D9CC81E947DA} - System32\Tasks\{B3C3C770-37FE-45D3-BE42-393B387041AD} => D:\Crack\Sims2EP8.exe
Task: {C4FF5174-558E-4153-B7DB-B78B45E46B31} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {CAE40733-A415-4E64-81F0-D7137D098399} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4120671964-2979887947-499652283-1001
Task: {CDFBFD16-BCC7-45E7-B0DA-1D5AA16956C4} - System32\Tasks\{CBEAD9E9-B382-4827-A589-FBE6766AAED1} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {DBF59D42-F33B-46E8-B63E-AC0616CC6AC2} - System32\Tasks\Google Updater and Installer => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-10] (Google Inc.)
Task: {F4333FA2-4EC0-4B59-8FD7-437859DCBF84} - System32\Tasks\{2961CCA1-364D-41F0-8C54-F5D2A3008D8E} => D:\Crack\Sims2EP8.exe
Task: {F6A986D4-57FB-43C7-BF44-ED1D581CD389} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {F97F617B-2020-4B50-AB37-C587EFCD281C} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
Task: {FAEE5C7B-05F9-4B89-BACF-2E274558F81F} - System32\Tasks\{BA40C938-7BD6-41DF-97D3-A3867FA6564F} => C:\Program Files (x86)\Monte Cristo\TV star\TV Star.exe [1999-10-05] (Vision Park)
Task: {FB11F153-3B38-4FB0-B963-CEE73C1FD812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001Core.job => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4120671964-2979887947-499652283-1001UA.job => C:\Users\Anja\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForAnja.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 20:20 - 2013-10-10 19:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-08-17 21:39 - 2013-01-04 09:28 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
2013-11-13 18:51 - 2013-10-05 21:22 - 00875008 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll
2013-11-13 18:51 - 2013-10-05 21:25 - 00102912 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll
2013-11-13 18:51 - 2013-10-05 20:12 - 00861696 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: McAfee Inc. mfewfpk
Description: McAfee Inc. mfewfpk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfewfpk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2013 09:44:10 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (11/15/2013 07:04:43 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (11/15/2013 03:48:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x67ba6c6a
ID des fehlerhaften Prozesses: 0x1310
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/15/2013 03:43:08 PM) (Source: Windows Installer 3.1) (User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.

Error: (11/15/2013 00:14:12 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (11/14/2013 04:43:32 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7

Error: (11/13/2013 08:27:16 PM) (Source: McLogEvent) (User: NT-AUTORITÄT)
Description: MCSCAN32 Engine Initialisation failed.
Engine returned error : 7


System errors:
=============
Error: (11/15/2013 07:11:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (11/15/2013 07:11:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Wireless Assistant Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/15/2013 07:11:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP Wireless Assistant Service erreicht.

Error: (11/15/2013 07:11:18 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (11/15/2013 07:10:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/15/2013 07:10:49 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (11/15/2013 07:10:35 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (11/15/2013 07:10:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (11/15/2013 00:15:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Software Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/15/2013 00:15:58 PM) (Source: DCOM) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}


Microsoft Office Sessions:
=========================
Error: (11/15/2013 09:44:10 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: 7

Error: (11/15/2013 07:04:43 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: 7

Error: (11/15/2013 03:48:15 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7unknown0.0.0.000000000c000000567ba6c6a131001cee211b54df894C:\windows\SysWOW64\explorer.exeunknownf4965183-4e04-11e3-9dcf-e02a8249b4ae

Error: (11/15/2013 03:43:08 PM) (Source: Windows Installer 3.1)(User: )
Description: WindowsFür diesen Befehl ist nicht genügend Speicher verfügbar.

Error: (11/15/2013 00:14:12 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: 7

Error: (11/14/2013 04:43:32 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: 7

Error: (11/13/2013 08:27:16 PM) (Source: McLogEvent)(User: NT-AUTORITÄT)
Description: 7


CodeIntegrity Errors:
===================================
  Date: 2013-10-10 22:34:16.085
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-10 22:34:16.085
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-10 22:34:15.405
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-10 22:34:15.245
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-10 22:34:15.235
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-10 22:34:15.205
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 12:55:02.816
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 12:55:02.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 12:55:02.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-06 12:55:02.722
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 1788.56 MB
Available physical RAM: 678.88 MB
Total Pagefile: 3577.13 MB
Available Pagefile: 1555.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:41.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (The Sims 3 Super) (CDROM) (Total:2.26 GB) (Free:0 GB) CDFS
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0D16673C)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
         
System-Look

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:17 on 15/11/2013 by Anja
Administrator - Elevation successful

========== filefind ==========

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Local\Babylon\Setup\Babylon.dat.vir	--a---- 11198 bytes	[13:16 22/01/2012]	[21:27 08/08/2011] 0EA4B325AEDED4466C4CF6F8DAE88ECF

Searching for "*clsoft ltd*"
No files found.

Searching for "*ICQToolbar*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll.vir	--a---- 1054520 bytes	[18:28 30/06/2011]	[09:49 21/11/2010] 92C8692C478E2747E9EA0860F18E2E0A

Searching for "*RightClick*"
No files found.

Searching for "*Media Finder*"
No files found.

Searching for "*ICQ6Toolbar*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ICQ6Toolbar\icq6Toolbar.ico.vir	--a---- 28662 bytes	[18:28 30/06/2011]	[09:44 21/11/2010] 085B2028F97E47C0367AB0187775F806

Searching for "*MagniPic*"
No files found.

Searching for "*yourfiledownloader*"
No files found.

Searching for "*Ilivid*"
C:\Users\Anja\Downloads\iLividSetupV1 (1).exe	--a---- 823576 bytes	[15:46 02/08/2012]	[15:47 02/08/2012] (Unable to calculate MD5)
C:\Users\Anja\Downloads\iLividSetupV1.exe	--a---- 2075104 bytes	[15:16 23/08/2011]	[15:17 23/08/2011] D454EF00B25ABDF86C7CC4EE22EFCED3

Searching for "*OpenCandy*"
No files found.

Searching for "*facemoods*"
C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_21823\facemoods.crx	--a---- 32791 bytes	[18:20 10/10/2011]	[14:26 18/05/2011] 9E7C9CAB9B453DCAFE62A3A114E6293C
C:\Users\Anja\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_21823\CRX_INSTALL\style\facemoods_chrome_1.0.1.css	--a---- 1915 bytes	[18:20 10/10/2011]	[18:20 10/10/2011] 932E88939025DEA549719B7FFB869668

Searching for "*privitize*"
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com\content\privitize.css.vir	--a---- 2327 bytes	[10:09 02/04/2013]	[10:09 02/04/2013] 6797822166784AA73A75491AC52F42BE
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com\content\privitize.xul.vir	--a---- 1170 bytes	[10:09 02/04/2013]	[10:09 02/04/2013] F6944A563D9ED1704BF071A716A49A26
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\searchplugins\privitize.xml	--a---- 1378 bytes	[23:10 22/03/2013]	[10:09 02/04/2013] 03FEBC85CF49CB91E6A99FE0351509C0

Searching for "*Searchqu*"
C:\ProgramData\SecTaskMan\_searchqudtx5D2D0	--a---- 269 bytes	[10:54 20/05/2013]	[10:54 20/05/2013] 9A8EA10B05BAA10F00634A546E5DFBA8
C:\Users\All Users\SecTaskMan\_searchqudtx5D2D0	--a---- 269 bytes	[10:54 20/05/2013]	[10:54 20/05/2013] 9A8EA10B05BAA10F00634A546E5DFBA8

Searching for "*Softonic*"
No files found.

Searching for "*DataMngr*"
C:\Users\Anja\AppData\Local\Temp\jrt\datamngr_del.reg	--a---- 386 bytes	[18:45 13/11/2013]	[03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

========== folderfind ==========

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Local\Babylon	d------	[18:21 13/11/2013]
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Babylon	d------	[18:21 13/11/2013]

Searching for "*clsoft ltd*"
No folders found.

Searching for "*ICQToolbar*"
C:\AdwCleaner\Quarantine\C\ProgramData\ICQ\ICQToolbar	d------	[18:21 13/11/2013]

Searching for "*RightClick*"
No folders found.

Searching for "*Media Finder*"
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Media Finder	d------	[18:21 13/11/2013]

Searching for "*ICQ6Toolbar*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ICQ6Toolbar	d------	[18:21 13/11/2013]

Searching for "*MagniPic*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MagniPic	d------	[18:21 13/11/2013]

Searching for "*yourfiledownloader*"
No folders found.

Searching for "*Ilivid*"
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Local\Ilivid Player	d------	[18:21 13/11/2013]

Searching for "*OpenCandy*"
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\OpenCandy	d------	[18:21 13/11/2013]
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\OpenCandy\OpenCandy_B3096BD3CD704E0997FBC573FDE502C2	d------	[18:21 13/11/2013]

Searching for "*facemoods*"
No folders found.

Searching for "*privitize*"
C:\AdwCleaner\Quarantine\C\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\Extensions\ffxtlbr@privitize.com	d------	[18:21 13/11/2013]

Searching for "*Searchqu*"
No folders found.

Searching for "*Softonic*"
No folders found.

Searching for "*DataMngr*"
C:\Users\Gast\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_datamngrUI.exe_c84a1dded5ec2afda304de5a7d366a8762716d_13223448	d----c-	[19:58 14/08/2012]
C:\Users\Gast\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_datamngrUI.exe_c84a1dded5ec2afda304de5a7d366a8762716d_cab_0c9f4b51	d----c-	[13:13 27/12/2012]

========== regfind ==========

Searching for "Babylon"
[HKEY_USERS\Gast\Software\BabylonToolbar]
[HKEY_USERS\Gast\Software\BabylonToolbar\BabylonToolbar]

Searching for "clsoft ltd"
No data found.

Searching for "ICQToolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar]
[HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar]
[HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar]
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar]

Searching for "RightClick"
No data found.

Searching for "Media Finder"
[HKEY_CURRENT_USER\Software\Classes\MF]
@="URL:Media Finder"
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Classes\MF]
@="URL:Media Finder"
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001_Classes\MF]
@="URL:Media Finder"

Searching for "ICQ6Toolbar"
No data found.

Searching for "MagniPic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}]
"DisplayName"="MagniPic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}]
"CategoryName"="MagniPic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS]

Searching for "yourfiledownloader"
No data found.

Searching for "Ilivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Anja\Downloads\iLividSetupV1 (1).exe"="iLivid Install"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation                                                                                                                                                                                                                                                "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Anja\Downloads\iLividSetupV1 (1).exe"="iLivid Install"
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation                                                                                                                                                                                                                                                "
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Anja\Downloads\iLividSetupV1 (1).exe"="iLivid Install"
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Anja\Downloads\iLividSetupV1.exe"="iLivid Installation                                                                                                                                                                                                                                                "

Searching for "OpenCandy"
No data found.

Searching for "facemoods"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com\facemoods]
[HKEY_USERS\Gast\Software\facemoods.com]
[HKEY_USERS\Gast\Software\facemoods.com\facemoods]
[HKEY_USERS\Gast\Software\facemoods.com\facemoods\instl]
"tlbrSrchUrl"="hxxp://start.facemoods.com/?a=gppc&f=3"
[HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com]
[HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com\facemoods]
[HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-501\Software\facemoods.com]
[HKEY_USERS\Gast\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-501\Software\facemoods.com\facemoods]
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com]
[HKEY_USERS\S-1-5-21-4120671964-2979887947-499652283-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com\facemoods]

Searching for "privitize"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{B13DEF35-A6D3-42ED-8C55-3CF74B4AF6D2}]
"ProfileName"="PrivitizeVPN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{B13DEF35-A6D3-42ED-8C55-3CF74B4AF6D2}]
"Description"="PrivitizeVPN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0000200000F0000F078A32B5D0A926EF115275565E88A12DB777C7A1BAD638952FE4579C0FEBD8E88]
"Description"="PrivitizeVPN"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0000200000F0000F078A32B5D0A926EF115275565E88A12DB777C7A1BAD638952FE4579C0FEBD8E88]
"FirstNetwork"="PrivitizeVPN"

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\Gast\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\Gast\Software\DataMngr]
"Folder"="C:\Program Files (x86)\Searchqu Toolbar"
[HKEY_USERS\Gast\Software\DataMngr]
"Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
[HKEY_USERS\Gast\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"
[HKEY_USERS\Gast\Software\DataMngr\IEBHO]
"DNSUrl"="hxxp://www.searchqu.com/web?src=derr&appid=341&systemid=406&q="
[HKEY_USERS\Gast\Software\DataMngr\IEBHO]
"404Url"="hxxp://www.searchqu.com/web?src=404&appid=341&systemid=406&q="

Searching for "Softonic"
No data found.

Searching for "DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCD83A6F-89FA-431C-8262-C01CA90E0DB0}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
[HKEY_USERS\Gast\Software\DataMngr]
[HKEY_USERS\Gast\Software\DataMngr]
"DLLPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll"
[HKEY_USERS\Gast\Software\DataMngr]
"Path"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr"
[HKEY_USERS\Gast\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll"
[HKEY_USERS\Gast\Software\DataMngr]
"ShortDllPath64"="C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll"
[HKEY_USERS\Gast\Software\DataMngr]
"UIPath"="C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe"

-= EOF =-
         
Avira also showed a short notification (bottom right) saying that the same adware (as found before) had been detected. I pressed the "Remove" button, but I'm not sure whether it was actually removed. In that case this should perhaps be visible in the log files.

Report from Avira:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 15. November 2013  22:36


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ANJA-HP

Versionsinformationen:
BUILD.DAT      : 14.0.0.411     55393 Bytes  10.10.2013 19:14:00
AVSCAN.EXE     : 14.0.0.383    968776 Bytes  10.10.2013 18:14:05
AVSCANRC.DLL   : 14.0.0.225     62024 Bytes  10.10.2013 18:14:05
LUKE.DLL       : 14.0.0.383     65096 Bytes  10.10.2013 18:14:07
AVSCPLR.DLL    : 14.0.0.383     92232 Bytes  10.10.2013 18:14:05
AVREG.DLL      : 14.0.0.383    250440 Bytes  10.10.2013 18:14:05
avlode.dll     : 14.0.0.383    512584 Bytes  10.10.2013 18:14:05
avlode.rdf     : 13.0.1.48      27867 Bytes  13.11.2013 17:14:24
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 18:14:08
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 18:14:08
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 18:14:08
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 18:14:08
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 18:14:08
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 18:14:08
VBASE006.VDF   : 7.11.103.230  2293248 Bytes  24.09.2013 18:14:08
VBASE007.VDF   : 7.11.111.18  3598336 Bytes  06.11.2013 15:08:26
VBASE008.VDF   : 7.11.111.19     2048 Bytes  06.11.2013 15:08:27
VBASE009.VDF   : 7.11.111.20     2048 Bytes  06.11.2013 15:08:27
VBASE010.VDF   : 7.11.111.21     2048 Bytes  06.11.2013 15:08:27
VBASE011.VDF   : 7.11.111.22     2048 Bytes  06.11.2013 15:08:27
VBASE012.VDF   : 7.11.111.23     2048 Bytes  06.11.2013 15:08:27
VBASE013.VDF   : 7.11.111.150   168448 Bytes  07.11.2013 15:08:27
VBASE014.VDF   : 7.11.112.47   247808 Bytes  08.11.2013 15:08:27
VBASE015.VDF   : 7.11.112.139   323584 Bytes  11.11.2013 15:08:27
VBASE016.VDF   : 7.11.113.39   221696 Bytes  13.11.2013 17:14:22
VBASE017.VDF   : 7.11.113.40     2048 Bytes  13.11.2013 17:14:22
VBASE018.VDF   : 7.11.113.41     2048 Bytes  13.11.2013 17:14:22
VBASE019.VDF   : 7.11.113.42     2048 Bytes  13.11.2013 17:14:22
VBASE020.VDF   : 7.11.113.43     2048 Bytes  13.11.2013 17:14:22
VBASE021.VDF   : 7.11.113.44     2048 Bytes  13.11.2013 17:14:22
VBASE022.VDF   : 7.11.113.45     2048 Bytes  13.11.2013 17:14:22
VBASE023.VDF   : 7.11.113.46     2048 Bytes  13.11.2013 17:14:22
VBASE024.VDF   : 7.11.113.47     2048 Bytes  13.11.2013 17:14:22
VBASE025.VDF   : 7.11.113.48     2048 Bytes  13.11.2013 17:14:22
VBASE026.VDF   : 7.11.113.49     2048 Bytes  13.11.2013 17:14:22
VBASE027.VDF   : 7.11.113.50     2048 Bytes  13.11.2013 17:14:22
VBASE028.VDF   : 7.11.113.51     2048 Bytes  13.11.2013 17:14:22
VBASE029.VDF   : 7.11.113.52     2048 Bytes  13.11.2013 17:14:23
VBASE030.VDF   : 7.11.113.53     2048 Bytes  13.11.2013 17:14:23
VBASE031.VDF   : 7.11.113.82   138752 Bytes  13.11.2013 17:14:23
Engineversion  : 8.2.12.142
AEVDF.DLL      : 8.1.3.4       102774 Bytes  10.10.2013 18:14:02
AESCRIPT.DLL   : 8.1.4.166     516478 Bytes  13.11.2013 17:14:24
AESCN.DLL      : 8.1.10.4      131446 Bytes  10.10.2013 18:14:02
AESBX.DLL      : 8.2.16.26    1245560 Bytes  10.10.2013 18:14:02
AERDL.DLL      : 8.2.0.128     688504 Bytes  10.10.2013 18:14:02
AEPACK.DLL     : 8.3.3.4       758136 Bytes  29.10.2013 19:23:53
AEOFFICE.DLL   : 8.1.2.76      205181 Bytes  10.10.2013 18:14:02
AEHEUR.DLL     : 8.1.4.744    6283642 Bytes  11.11.2013 15:08:30
AEHELP.DLL     : 8.1.27.8      266617 Bytes  11.11.2013 15:08:28
AEGEN.DLL      : 8.1.7.20      446839 Bytes  13.11.2013 17:14:24
AEEXP.DLL      : 8.4.1.100     369016 Bytes  11.11.2013 15:08:30
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.10.2013 18:14:02
AECORE.DLL     : 8.1.32.2      201081 Bytes  11.11.2013 15:08:28
AEBB.DLL       : 8.1.1.4        53619 Bytes  10.10.2013 18:14:02
AVWINLL.DLL    : 14.0.0.225     23624 Bytes  10.10.2013 18:14:05
AVPREF.DLL     : 14.0.0.225     48712 Bytes  10.10.2013 18:14:05
AVREP.DLL      : 14.0.0.225    175688 Bytes  10.10.2013 18:14:05
AVARKT.DLL     : 14.0.0.225    257096 Bytes  10.10.2013 18:14:03
AVEVTLOG.DLL   : 14.0.0.383    165960 Bytes  10.10.2013 18:14:03
SQLITE3.DLL    : 3.7.0.1       394824 Bytes  10.10.2013 18:14:07
AVSMTP.DLL     : 14.0.0.225     60488 Bytes  10.10.2013 18:14:05
NETNT.DLL      : 14.0.0.225     13384 Bytes  10.10.2013 18:14:07
RCIMAGE.DLL    : 14.0.0.225   4786760 Bytes  10.10.2013 18:14:07
RCTEXT.DLL     : 14.0.0.225     67144 Bytes  10.10.2013 18:14:07

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_528687de\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Freitag, 15. November 2013  22:36

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV64.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'atibtmon.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '184' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE64.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'AESTSr64.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'agr64svc.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPDrvMntSvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpHotkeyMonitor.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'mfevtps.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'myAgtSvc.Exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesService64.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'mcshield.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'TuneUpUtilitiesApp64.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqWmiEx.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWA_Service.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'iron.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'iron.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'iron.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SystemLook_x64.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '34' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Anja\Downloads\iLividSetupV1 (1).exe'
C:\Users\Anja\Downloads\iLividSetupV1 (1).exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '549507f0.qua' verschoben!


Ende des Suchlaufs: Freitag, 15. November 2013  22:38
Benötigte Zeit: 01:51 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    776 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    775 Dateien ohne Befall
      1 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
         
I have uninstalled Firefox and am now using Iron. Firefox can no longer be installed (but that is not so important to me personally). I have the feeling that my laptop starts faster in general.
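
Added example, not part of the original posts and not Avira's own tooling: a small Python parser for the German-language Avira report format quoted above. It pairs each [FUND] line with the scanned path and its quarantine object, then compares the number of detections with the report's summary counter. The function names are assumptions of this example, and the sample text is shortened from the report above.

```python
import re

# Sample shortened from the Avira report quoted above (German UI strings kept as-is).
SAMPLE_LOG = r"""
Beginne mit der Suche in 'C:\Users\Anja\Downloads\iLividSetupV1 (1).exe'
C:\Users\Anja\Downloads\iLividSetupV1 (1).exe
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '549507f0.qua' verschoben!

    776 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden gelöscht
      1 Dateien wurden in die Quarantäne verschoben
"""

FUND = re.compile(r"^\s*\[FUND\]\s+.*\s(\S+/\S+)\s*$")          # detection name is the last token
QUARANTINE = re.compile(r"^\s*\[HINWEIS\].*'([0-9a-f]+\.qua)'")  # quarantine object name
COUNTER = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")                   # "<n> <summary label>"
FOUND_LABEL = "Viren bzw. unerwünschte Programme wurden gefunden"

def parse_avira_report(text):
    """Return (detections, counters) from a German-language Avira report."""
    detections, counters, last_path = [], {}, None
    for line in text.splitlines():
        if m := FUND.match(line):
            detections.append({"path": last_path, "name": m.group(1), "quarantine": None})
        elif (m := QUARANTINE.match(line)) and detections:
            detections[-1]["quarantine"] = m.group(1)
        elif m := COUNTER.match(line):
            counters[m.group(2)] = int(m.group(1))
        elif re.match(r"^[A-Za-z]:\\", line):
            last_path = line.strip()  # the object path precedes its [FUND] line
    return detections, counters

def unresolved(detections, counters):
    """Detections without a quarantine action, plus a flag for a summary mismatch."""
    open_items = [d for d in detections if d["quarantine"] is None]
    reported = counters.get(FOUND_LABEL)
    mismatch = reported is not None and reported != len(detections)
    return open_items, mismatch

if __name__ == "__main__":
    dets, counts = parse_avira_report(SAMPLE_LOG)
    print(dets, unresolved(dets, counts))
```

A non-empty first element from `unresolved` means a detected file is still in place; a mismatch means the pasted report was truncated or a detection line was not recognised.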

16.11.2013, 09:47   #9
M-K-D-B
/// TB trainer

Hello,

We will remove the last remnants and check everything once more. ESET can take a long time (> 2 h). In addition, you will have to say goodbye to two AV programs.
After that we will clean up and I will give you a few more tips to take along.





Step 1
I noticed that you have more than one antivirus program with a background guard running:
Code:
Kaspersky
Avira
McAfee

That is dangerous, because the programs can get in each other's way and, as a result, viruses can end up on the computer all the more easily. It also slows the system down. Decide on one variant and uninstall the others via Control Panel => Uninstall a program / Software.
Report which antivirus program you have chosen.

Quote:
Speedy recently gave a plausible explanation for this: "Imagine a goalkeeper who is supposed to guard the goal (antivirus program); the ball comes flying in (virus), the goalkeeper concentrates on the ball and catches it. Now imagine two goalkeepers in the goal ...., they crash into each other and the ball can travel into the goal unhindered."




Step 2
Please press the Windows key + R key and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.


Code:
start
AppInit_DLLs:    [0 ] ()
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
C:\Users\Anja\Desktop\Continue Zip Extractor Installation.lnk
C:\Users\Anja\Downloads\iLivid*.exe
C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5berzbu4.default\searchplugins\privitize.xml
C:\ProgramData\SecTaskMan\_searchqudtx5D2D0
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\ICQ\ICQToolBar" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Classes\MF" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0DF6233-C349-4297-A07C-8B6B0B3C40C5}" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7" /f
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4120671964-2979887947-499652283-1001\Software\facemoods.com" /f
Reg: reg delete "HKEY_USERS\Gast\Software\DataMngr" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCD83A6F-89FA-431C-8262-C01CA90E0DB0}" /f
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 3
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on

    and on
  • When the scan has finished, do not have anything deleted etc.; instead choose, at the bottom left of the button bar,
    and save the log file on your desktop.
  • Close HitmanPro and post the log for me.

 






Step 4

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Put a check mark at "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset






Step 5
Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.






Please post with your next reply
  • the log file from FRST,
  • the log file from HitmanPro,
  • the log file from ESET,
  • the log file from SecurityCheck.

22.11.2013, 14:25   #10
M-K-D-B
/// TB trainer

Missing feedback
This topic has been removed from my subscriptions. I will therefore not receive any notification about new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
