Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? (Windows 7)
27.02.2013, 22:48 | #1

Dear forum community,

a very nice colleague of mine caught a virus this Sunday that encrypted all documents. According to the Kaspersky boot CD it is the "Trojan-Ransom.Win32.Foreign.abjw".

The documents on the computer are now named, for example: GJGXUyLLpxpgQsfs or leGoQsfAxEDsnjGoDT

How can I decrypt these files again? As always, the data is very important, and I would be grateful to anyone who can/wants to help me.

Many thanks
Daniel

Malwarebytes log:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.02.27.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [Administrator]
Schutz: Aktiviert
27.02.2013 22:33:53
mbam-log-2013-02-27 (22-33-53).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232787
Laufzeit: 3 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

OTL.txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 27.02.2013 22:52:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\horst\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,86% Memory free 7,83 Gb Paging File | 6,09 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,47 Gb Total Space | 183,73 Gb Free Space | 77,05% Space Free | Partition Type: NTFS Drive D: | 332,70 Gb Total Space | 28,14 Gb Free Space | 8,46% Space Free | Partition Type: NTFS Computer Name: HORST-PC | User Name: horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.27 22:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.14 10:30:17 | 009,116,152 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe PRC - [2012.12.14 10:30:17 | 003,472,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.12.14 10:08:24 | 000,190,968 | ---- | 
M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe PRC - [2012.04.22 21:15:06 | 000,394,352 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe PRC - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.08.31 15:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2011.04.01 00:29:30 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.02.22 11:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.11.15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe PRC - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files 
(x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 09:48:51 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.01.09 17:14:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll MOD - [2013.01.09 17:14:02 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\83794ccfabbb2472e26d05f07a938106\PresentationFramework.ni.dll MOD - [2013.01.09 17:13:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.09 17:13:43 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d33c8e6f0b71f58abb7ee6db25097127\PresentationCore.ni.dll MOD - [2013.01.09 17:13:35 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.01.09 17:13:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.09 17:13:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b5eb81362a896af2c70f97502f42013\System.Configuration.ni.dll MOD - [2013.01.09 17:13:24 | 007,974,400 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.09 17:13:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2011.08.31 15:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.08.04 10:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.08.04 10:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009.08.04 10:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2011.01.25 22:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) 
[Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.04.17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.14 10:30:17 | 003,472,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.04.22 21:15:06 | 000,394,352 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc) SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) 
[Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.02.22 11:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - 
[2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.21 09:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.13 22:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.09.07 10:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2010.08.03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.04.17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.03.02 17:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Inbox Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google Maps [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Inbox.com IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {C04B7D22-5AEC-4561-8F49-27F6269208F6} IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/tb/mff_startpage" FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.4 FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011.11.09 12:10:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012.02.24 08:57:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 10:25:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\Program Files (x86)\RebateInformer\Firefox\ [2013.02.03 13:36:47 | 000,000,000 | ---D | M] [2012.07.14 09:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions [2012.07.14 09:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.02.19 09:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions [2012.10.18 08:08:45 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.02.20 09:06:33 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions\AppGraffiti@AppGraffiti.com [2013.02.19 09:43:53 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\extensions\toolbar@gmx.net.xpi [2012.01.30 11:03:03 | 000,000,933 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\11-suche.xml [2012.01.30 11:03:03 | 000,002,419 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\englische-ergebnisse.xml [2012.01.30 11:03:03 | 000,010,525 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\gmx-suche.xml [2012.01.30 11:03:03 | 000,002,457 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\lastminute.xml [2012.05.02 15:38:31 | 000,005,489 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\webde-suche.xml [2012.03.19 10:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.16 12:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2011.11.16 12:42:00 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.03.19 10:25:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.19 10:25:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.19 10:25:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.19 10:25:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 10:25:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 10:25:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 10:25:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: iGoogle CHR - homepage: iGoogle O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) 
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll (Crawler, LLC) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Gygoofa] C:\Users\horst\AppData\Roaming\Azutw\xyvou.exe File not found
O4 - HKCU..\Run: [jwnenlmo] C:\Users\horst\AppData\Roaming\Txuftven\nnnkynlmo.exe File not found
O4 - HKCU..\Run: [userj] C:\Users\horst\AppData\Roaming\userj.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323F3241-93F6-4C0B-9EE3-47A761A741B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73C2E180-6D7C-4BEA-9EA3-3C19E27AC15A}: DhcpNameServer = 83.169.184.161 192.168.0.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\rebinfo - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6617214d-7f82-11e2-af38-f46d04160b67}\Shell - "" = AutoRun
O33 - MountPoints2\{6617214d-7f82-11e2-af38-f46d04160b67}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.27 22:51:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.27 22:33:08 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Malwarebytes
[2013.02.27 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.27 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.27 22:33:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.27 22:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.26 07:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.02.25 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2013.02.25 21:42:25 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\Programs
[2013.02.25 20:41:01 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2013.02.25 20:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2013.02.25 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\horst\ERPro
[2013.02.25 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Neuer Ordner
[2013.02.24 13:56:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.23 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Usxhgpyvfy
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Ozlee
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Niuseq
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Etul
[2013.02.15 14:56:01 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\Txuftven
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Reyz
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Enlo
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Atykhu
[2013.02.14 09:09:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 09:09:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 09:09:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 09:09:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 09:09:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 09:09:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 09:09:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 09:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 09:09:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 09:09:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 09:09:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 09:09:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 09:09:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 09:09:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 09:09:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 15:03:37 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\ECE760EC
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Ezuk
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Emtoi
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Azutw
[2013.02.13 09:02:01 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 09:02:00 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 09:01:59 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 09:01:52 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.13 09:01:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.13 09:01:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.13 09:01:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.13 09:01:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.13 09:01:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 09:01:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 09:01:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.13 09:01:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 09:01:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 09:01:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 09:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 09:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 09:01:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.13 09:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 09:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 09:01:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 09:01:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 09:01:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 09:01:50 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.01.31 11:59:47 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\{D2818443-9CB5-4A0B-AC59-CF2F9CEA56B6}

========== Files - Modified Within 30 Days ==========

[2013.02.27 22:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.27 22:50:48 | 000,000,000 | ---- | M] () -- C:\Users\horst\defogger_reenable
[2013.02.27 22:50:39 | 000,050,477 | ---- | M] () -- C:\Users\horst\Desktop\Defogger.exe
[2013.02.27 22:44:27 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 22:33:01 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 22:12:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 22:12:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 22:03:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.02.27 22:03:49 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 22:03:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 22:03:15 | 3151,900,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.26 15:36:36 | 000,002,270 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.02.26 15:36:29 | 000,001,243 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.02.26 07:57:39 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
[2013.02.26 07:33:02 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 07:33:02 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 07:33:02 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 07:33:02 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 07:33:02 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.25 21:43:02 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2013.02.20 12:36:34 | 000,000,150 | ---- | M] () -- C:\Users\horst\Desktop\sesxyfrseeJqDNXnO
[2013.02.14 09:46:22 | 000,276,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.06 14:46:58 | 000,362,040 | ---- | M] () -- C:\Users\horst\Documents\AqOexrvagsjNlaOeAEl
[2013.01.30 14:11:41 | 000,013,352 | ---- | M] () -- C:\Users\horst\Desktop\GtvsraloJUxylg

========== Files Created - No Company Name ==========

[2013.02.27 22:50:48 | 000,000,000 | ---- | C] () -- C:\Users\horst\defogger_reenable
[2013.02.27 22:50:39 | 000,050,477 | ---- | C] () -- C:\Users\horst\Desktop\Defogger.exe
[2013.02.27 22:33:01 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.26 07:57:39 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
[2013.02.26 07:57:39 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
[2013.02.25 21:43:02 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011.11.09 15:09:50 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.08 04:39:07 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.08 04:39:05 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.08 04:39:03 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.08 04:37:22 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.01.12 17:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[1601.02.13 09:28:18 | 002,021,888 | ---- | C] () -- C:\Users\horst\AejXgDsajegOytnJGlDT
[1601.02.13 09:28:18 | 001,521,376 | ---- | C] () -- C:\Users\horst\OrEflnjsofgLdtEfg
[1601.02.13 09:28:18 | 001,053,250 | ---- | C] () -- C:\Users\horst\rLNDvgfxxNAtEyQDjT
[1601.02.13 09:28:18 | 000,292,352 | ---- | C] () -- C:\Users\horst\gAagVVUdvjLyQAp
[1601.02.13 09:28:18 | 000,290,156 | ---- | C] () -- C:\Users\horst\ONAVLtUDAuOadoAuOtlE
[1601.02.13 09:28:18 | 000,221,257 | ---- | C] () -- C:\Users\horst\qjGEussApEltnvGgDTNA
[1601.02.13 09:28:18 | 000,176,640 | ---- | C] () -- C:\Users\horst\jyXUjogeXpjAgfupNJa
[1601.02.13 09:28:18 | 000,172,032 | ---- | C] () -- C:\Users\horst\oVJrsjLXofGUxn
[1601.02.13 09:28:18 | 000,124,248 | ---- | C] () -- C:\Users\horst\oLTfoAvsaToEJdTa
[1601.02.13 09:28:18 | 000,029,184 | ---- | C] () -- C:\Users\horst\DjvyXgTxXrEOLlEeJ
[1601.02.13 09:28:18 | 000,015,865 | ---- | C] () -- C:\Users\horst\vjJsgspXtvsEqQNdsa
[1601.02.13 09:28:18 | 000,013,379 | ---- | C] () -- C:\Users\horst\aXUjtEqQdlaOyGUDTouG
[1601.02.13 09:28:18 | 000,012,818 | ---- | C] () -- C:\Users\horst\nyfuonxreNGnJLvsvrsr
[1601.02.13 09:28:18 | 000,010,036 | ---- | C] () -- C:\Users\horst\ypyUoAuLgqdNaDnve
[1601.01.01 01:00:00 | 000,243,712 | ---- | C] () -- C:\Users\horst\AppData\Roaming\userj.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.txt

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.02.2013 22:52:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\horst\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,86% Memory free
7,83 Gb Paging File | 6,09 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 183,73 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 28,14 Gb Free Space | 8,46% Space Free | Partition Type: NTFS

Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{119FA9C6-D269-4C77-8976-39440E43623A}" = lport=138 | protocol=17 | dir=in | app=system |
"{1DEF9043-1413-470B-B7AC-463B9A6D6772}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{1E1DA530-6E46-49A6-BCAD-750F6B0802E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29F43436-220E-42F4-A6B5-EB07DA193F97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32996E6E-2562-45F7-A6F4-3530D0FF9096}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3B2D6E27-6F8A-47D0-8F73-7AA9B9DB2770}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{51BDE02A-706E-4AAB-9270-8E4BD7D052AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{53158159-126F-443C-8507-1D4526A6A587}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{539A08E2-2F15-44C0-96F2-3ECCFE570BB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55966B09-7615-4F13-8232-0FA2BAF80E69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{592B8AEC-D724-4384-A27F-ADCC400E9C2B}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D2A4992-89DF-4E8A-8CF2-F0ABFAEA37CC}" = lport=445 | protocol=6 | dir=in | app=system |
"{93568354-1F19-475C-B4E9-19BEE5F33B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{941B541C-87D4-4C52-B528-D78ED09E53B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A313182-E5C1-4776-B0E2-30F92612D0DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C7B15B5-BAFB-4FBF-9E41-36A3D8B6408E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9E7D39DD-1FAA-4E28-8E09-2D7099E36D64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6E909CF-72ED-4D8B-B082-2F073055BDA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{B706632E-02E5-4B00-8038-8BD25B304ED6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF8153D1-58CF-4CD7-8D1F-17B5B008FFEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA78110C-2370-4EB5-9B93-16E4CC27C9EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED77EEA8-8C76-4920-837C-E78404DE76A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2554677-DA41-4E79-9EE1-BF82427342D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE22141D-73BB-48A6-BE71-A6364A7EC361}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{465423EC-0915-46CA-BA76-A9FC64226E5C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4A5A010A-74AF-47B0-A842-A2D799BE9646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5345F2F6-1E95-470E-883C-D25315BE7F08}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5C72C850-6E4A-44FA-BA24-8B53451CAF53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{6C18535A-55AC-4082-8163-84DE2543A9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{71D43AB7-DF4B-48C8-A14B-2F602199ED1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E2C447A-BC1A-41AE-9314-8FEE1D01CCFA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{8722B1C6-764D-4E43-8648-7ACDF9FAD7BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9DE504BB-94DD-435C-8B82-EDD1463191B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6CE2B8A-3326-4CC7-A7B0-A840B904C03F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C472DBE9-1B69-4915-854D-65DB98EAD538}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E5989B42-F87B-4915-BA17-0A02295EEA79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2A7C58DE-B27D-441E-AB6D-501C7BE9BD2A}C:\users\horst\appdata\roaming\azutw\xyvou.exe" = protocol=6 | dir=in | app=c:\users\horst\appdata\roaming\azutw\xyvou.exe |
"UDP Query User{7AC96F82-BA39-40DC-B343-7B909E7427B7}C:\users\horst\appdata\roaming\azutw\xyvou.exe" = protocol=17 | dir=in | app=c:\users\horst\appdata\roaming\azutw\xyvou.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker 
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform 
Language Pack "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery "{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{4543C6FA-89E7-4F1E-89A2-32F3FFEBB47E}" = Software-Edition 2012 "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live 
Movie Maker "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint 
Viewer "{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion "{99C0BA09-5F99-4A0E-B5A1-B476ED73BFA8}" = Grundstücks- und Gebäudewertermittlung "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.24 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie 
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BB3085D5-7D88-4AF2-B08E-226E26E2A169}" = Haufe iDesk-Browser "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail 
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D768CAF3-57FD-446C-BE4E-FC29DCE83B93}" = Haufe iDesk-Service "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{EC438CEA-210E-461C-8CB7-8CB838667A09}" = Haufe Formular-Manager "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh 
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "Bookworm Deluxe" = Bookworm Deluxe "Cooking Dash" = Cooking Dash "FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32) "Google Chrome" = Google Chrome "Governor of Poker" = Governor of Poker "HaufeReader" = HaufeReader "HIO" = HIO "Hotel Dash Suite Success" = Hotel Dash Suite Success "IMV2000_is1" = IMV2000 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "IrfanView" = IrfanView (remove only) "Jewel Quest 3" = Jewel Quest 3 "KeyFinder_is1" = Magical Jelly Bean KeyFinder "Luxor 3" = Luxor 3 "Mahjongg dimensions" = Mahjongg dimensions "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Plants vs Zombies" = Plants vs Zombies "TeamViewer 8 Host" = TeamViewer 8 Host "WinLiveSuite" = Windows Live Essentials "World of Goo" = World of Goo ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.05.2012 08:22:19 | Computer Name = horst-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 22.05.2012 04:34:22 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: imv2000.exe, Version: 6.53.0.0, Zeitstempel: 0x47139f24
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000346e1
ID des fehlerhaften Prozesses: 0x1788
Startzeit der fehlerhaften Anwendung: 0x01cd37f58015be86
Pfad der fehlerhaften Anwendung: C:\IMV2000\imv2000.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: edb4ea2a-a3e8-11e1-87e0-f46d04160b67

Error - 04.06.2012 09:31:44 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: Flash10d.ocx, Version: 10.0.42.34, Zeitstempel: 0x4ae7baed
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000cdaf9
ID des fehlerhaften Prozesses: 0x760
Startzeit der fehlerhaften Anwendung: 0x01cd424c1add46e4
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx
Berichtskennung: a00f64ca-ae49-11e1-84be-f46d04160b67

Error - 20.06.2012 06:15:24 | Computer Name = horst-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden.

Error - 16.07.2012 13:58:19 | Computer Name = horst-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 13.09.2012 05:24:59 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448, Zeitstempel: 0x4fecf1b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211485
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000b9bc
ID des fehlerhaften Prozesses: 0xca4
Startzeit der fehlerhaften Anwendung: 0x01cd918ba3b148ad
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: e2da7755-fd84-11e1-922c-f46d04160b67

Error - 13.09.2012 05:30:18 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448, Zeitstempel: 0x4fecf1b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211485
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000b9bc
ID des fehlerhaften Prozesses: 0x1bb4
Startzeit der fehlerhaften Anwendung: 0x01cd9191c6aedc52
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: a0ed4150-fd85-11e1-922c-f46d04160b67

Error - 13.09.2012 05:34:51 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448, Zeitstempel: 0x4fecf1b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211485
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000b9bc
ID des fehlerhaften Prozesses: 0x1704
Startzeit der fehlerhaften Anwendung: 0x01cd91926aef2a02
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: 4429137f-fd86-11e1-922c-f46d04160b67

Error - 13.09.2012 05:39:27 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448, Zeitstempel: 0x4fecf1b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211485
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000b9bc
ID des fehlerhaften Prozesses: 0xfa4
Startzeit der fehlerhaften Anwendung: 0x01cd91930ebf4f1e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: e8a9c680-fd86-11e1-922c-f46d04160b67

Error - 13.09.2012 09:18:07 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448, Zeitstempel: 0x4fecf1b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850, Zeitstempel: 0x4e211485
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000b9bc
ID des fehlerhaften Prozesses: 0x4ec
Startzeit der fehlerhaften Anwendung: 0x01cd91b19998711d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: 748e900b-fda5-11e1-819c-f46d04160b67

[ Media Center Events ]
Error - 03.06.2012 07:28:56 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:28:50 - Fehler beim Herstellen der Internetverbindung. 13:28:50 - Serververbindung konnte nicht hergestellt werden..

Error - 15.07.2012 07:08:21 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:08:20 - Fehler beim Herstellen der Internetverbindung. 13:08:20 - Serververbindung konnte nicht hergestellt werden..

Error - 15.07.2012 07:08:35 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:08:26 - Fehler beim Herstellen der Internetverbindung. 13:08:26 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 23.02.2013 07:53:35 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 23.02.2013 08:06:06 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 24.02.2013 08:54:46 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 24.02.2013 08:58:36 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 25.02.2013 04:19:07 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 25.02.2013 14:41:33 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 25.02.2013 15:36:11 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 26.02.2013 02:50:19 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 26.02.2013 10:37:15 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

Error - 27.02.2013 17:04:40 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description =

< End of report >

GMER
GMER Logfile:
Code:
ATTFilter GMER 2.1.19115 - GMER - Rootkit Detector and Remover Rootkit scan 2013-02-27 23:23:37 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB Running: gmer_2.1.19115.exe; Driver: C:\Users\horst\AppData\Local\Temp\fgloipoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... 
* 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007648102d 5 bytes JMP 0000000103ed2a04 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007621bbdb 5 bytes JMP 0000000103ed27b0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000749fc664 5 bytes JMP 0000000103ed17b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000749fe13a 5 bytes JMP 0000000103ed16e8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000749ff8d8 5 bytes JMP 0000000103ed0df4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074a03184 5 bytes JMP 0000000103ed08c8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetOpenA 0000000074a0d5e0 5 bytes JMP 0000000103ecdcdc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetConnectA 0000000074a2567e 5 bytes JMP 0000000103ecdd30 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074a25761 5 bytes JMP 0000000103ece320 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW 0000000074a25865 5 bytes JMP 0000000103ed1750 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074a2632d 5 bytes JMP 0000000103ecfa54 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExW 0000000074a2f9ee 5 bytes JMP 0000000103ed16c8 .text C:\Program Files (x86)\Internet 
Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074a2fa49 5 bytes JMP 0000000103ed0ff8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074a5525a 5 bytes JMP 0000000103ecf2f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007648102d 5 bytes JMP 0000000101f52a04 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007621bbdb 5 bytes JMP 0000000101f527b0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000749fc664 5 bytes JMP 0000000101f517b8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000749fe13a 5 bytes JMP 0000000101f516e8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000749ff8d8 5 bytes JMP 0000000101f50df4 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000074a03184 5 bytes JMP 0000000101f508c8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetOpenA 0000000074a0d5e0 5 bytes 
JMP 0000000101f4dcdc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetConnectA 0000000074a2567e 5 bytes JMP 0000000101f4dd30 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000074a25761 5 bytes JMP 0000000101f4e320 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW 0000000074a25865 5 bytes JMP 0000000101f51750 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 0000000074a2632d 5 bytes JMP 0000000101f4fa54 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExW 0000000074a2f9ee 5 bytes JMP 0000000101f516c8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000074a2fa49 5 bytes JMP 0000000101f50ff8 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000074a5525a 5 bytes JMP 0000000101f4f2f0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... 
* 2 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000747f1465 2 bytes [7F, 74] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000747f14bb 2 bytes [7F, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [4156:1404] 0000000003ed3208 Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:2476] 0000000001f57da0 Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:464] 0000000001f57c70 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007a2bc2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007a2bc2 (not active ControlSet) ---- EOF - GMER 2.1 ---- |
27.02.2013, 23:28 | #2 |
| ADW Cleaner
AdwCleaner log file:
Code:
ATTFilter # AdwCleaner v2.113 - Datei am 27/02/2013 um 23:26:38 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : horst - HORST-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\horst\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : 24x7HelpSvc ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\m8ccar48.default\searchplugins\11-suche.xml Ordner Gefunden : C:\Program Files (x86)\AppGraffiti Ordner Gefunden : C:\Program Files (x86)\Inbox.com Ordner Gefunden : C:\Program Files (x86)\RebateInformer Ordner Gefunden : C:\Program Files (x86)\SiteRanker Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker Ordner Gefunden : C:\ProgramData\Partner Ordner Gefunden : C:\Users\horst\AppData\LocalLow\AppGraffiti Ordner Gefunden : C:\Users\horst\AppData\LocalLow\RebateInformer Ordner Gefunden : C:\Users\horst\AppData\LocalLow\SiteRanker Ordner Gefunden : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\m8ccar48.default\extensions\AppGraffiti@AppGraffiti.com ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\24x7HELP Schlüssel Gefunden : HKCU\Software\AppGraffiti Schlüssel Gefunden : HKCU\Software\CToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Schlüssel Gefunden : HKLM\Software\24x7HELP Schlüssel Gefunden : HKLM\Software\AppGraffiti Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Client Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Script Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Server Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CShared.TB4Server2 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RebateI.Rebate Informer BHO Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RebateI.RebateInformImageGen Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{438B047C-C041-4D15-98CF-A97C6B366C28} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE} Schlüssel Gefunden : HKLM\Software\CToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4EF645BD-65B0-4F98-AD56-D0437B7045F6} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Schlüssel Gefunden : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB35C569-5624-4CFC-8043-E5139F55A073} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0} Schlüssel Gefunden : HKU\S-1-5-21-2779241894-3492057710-2065022195-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{ED76C299-85BC-4891-9237-74A140C28832}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.inbox.com/homepage.aspx?tbid=80195&lng=de [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80195 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80195 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80195 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80195 -\\ Mozilla Firefox v11.0 (de) Datei : C:\Users\horst\AppData\Roaming\Mozilla\Firefox\Profiles\m8ccar48.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v25.0.1364.97 Datei : C:\Users\horst\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [9820 octets] - [27/02/2013 23:26:38] ########## EOF - C:\AdwCleaner[R1].txt - [9880 octets] ########## |
02.03.2013, 10:59 | #3 |
/// Helper team | The cleanup consists of several steps that have to be carried out. Work through them one after the other and please paste the 3 logs that are created in the process into your next reply. If the OTL fix did not run through properly, do not continue; please report this instead.
Step 1: Fix with OTL
Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - HKCU..\Run: [Gygoofa] C:\Users\horst\AppData\Roaming\Azutw\xyvou.exe File not found
O4 - HKCU..\Run: [jwnenlmo] C:\Users\horst\AppData\Roaming\Txuftven\nnnkynlmo.exe File not found
O4 - HKCU..\Run: [userj] C:\Users\horst\AppData\Roaming\userj.exe ()
[2011.01.12 17:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[1601.01.01 01:00:00 | 000,243,712 | ---- | C] () -- C:\Users\horst\AppData\Roaming\userj.exe
[2013.02.15 14:56:01 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\Txuftven
[2013.02.13 15:03:37 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\ECE760EC
[1601.02.13 09:28:18 | 002,021,888 | ---- | C] () -- C:\Users\horst\AejXgDsajegOytnJGlDT
[1601.02.13 09:28:18 | 001,521,376 | ---- | C] () -- C:\Users\horst\OrEflnjsofgLdtEfg
[1601.02.13 09:28:18 | 001,053,250 | ---- | C] () -- C:\Users\horst\rLNDvgfxxNAtEyQDjT
[1601.02.13 09:28:18 | 000,292,352 | ---- | C] () -- C:\Users\horst\gAagVVUdvjLyQAp
[1601.02.13 09:28:18 | 000,290,156 | ---- | C] () -- C:\Users\horst\ONAVLtUDAuOadoAuOtlE
[1601.02.13 09:28:18 | 000,221,257 | ---- | C] () -- C:\Users\horst\qjGEussApEltnvGgDTNA
[1601.02.13 09:28:18 | 000,176,640 | ---- | C] () -- C:\Users\horst\jyXUjogeXpjAgfupNJa
[1601.02.13 09:28:18 | 000,172,032 | ---- | C] () -- C:\Users\horst\oVJrsjLXofGUxn
[1601.02.13 09:28:18 | 000,124,248 | ---- | C] () -- C:\Users\horst\oLTfoAvsaToEJdTa
[1601.02.13 09:28:18 | 000,029,184 | ---- | C] () -- C:\Users\horst\DjvyXgTxXrEOLlEeJ
[1601.02.13 09:28:18 | 000,015,865 | ---- | C] () -- C:\Users\horst\vjJsgspXtvsEqQNdsa
[1601.02.13 09:28:18 | 000,013,379 | ---- | C] () -- C:\Users\horst\aXUjtEqQdlaOyGUDTouG
[1601.02.13 09:28:18 | 000,012,818 | ---- | C] () -- C:\Users\horst\nyfuonxreNGnJLvsvrsr
[1601.02.13 09:28:18 | 000,010,036 | ---- | C] () -- C:\Users\horst\ypyUoAuLgqdNaDnve
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\horst\*.tmp
C:\Users\horst\AppData\*.dll
C:\Users\horst\AppData\*.exe
C:\Users\horst\AppData\Local\Temp\*.exe
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Never apply it on other computers; it can do lasting damage to other systems!
Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. After that:
Step 3
Please close your security software to avoid possible conflicts.
|
06.03.2013, 19:10 | #4 |
| Hello t'john, thank you very, very much for your reply. I have one more "silly" question for you. So that my colleague can keep working, I swapped the hard drive and now have the infected system in a USB enclosure. Can I also carry out the procedure from a new Windows installation in a VM, or do I have to put the drive back into the original notebook? Many thanks, Daniel |
06.03.2013, 20:53 | #5 |
/// Helper team | Please put it back into the notebook. The tools are not designed for VMs. |
28.04.2013, 16:14 | #6 |
/// Helper team | No response
Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html
Note: The disappearance of the symptoms does not mean that your computer is clean. |
09.07.2013, 19:31 | #7 |
| Hello Daniel, I am really sorry that I am only getting back to you now, but my colleague was only able to let me have the laptop today.
OTL
Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Gygoofa deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jwnenlmo deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userj deleted successfully. C:\Users\horst\AppData\Roaming\userj.exe moved successfully. C:\ProgramData\FullRemove.exe moved successfully. File C:\Users\horst\AppData\Roaming\userj.exe not found. C:\Users\horst\AppData\Roaming\Txuftven folder moved successfully. C:\Users\horst\AppData\Roaming\ECE760EC folder moved successfully. C:\Users\horst\AejXgDsajegOytnJGlDT moved successfully. C:\Users\horst\OrEflnjsofgLdtEfg moved successfully. C:\Users\horst\rLNDvgfxxNAtEyQDjT moved successfully. C:\Users\horst\gAagVVUdvjLyQAp moved successfully. C:\Users\horst\ONAVLtUDAuOadoAuOtlE moved successfully. C:\Users\horst\qjGEussApEltnvGgDTNA moved successfully. C:\Users\horst\jyXUjogeXpjAgfupNJa moved successfully. C:\Users\horst\oVJrsjLXofGUxn moved successfully. C:\Users\horst\oLTfoAvsaToEJdTa moved successfully. C:\Users\horst\DjvyXgTxXrEOLlEeJ moved successfully. C:\Users\horst\vjJsgspXtvsEqQNdsa moved successfully. C:\Users\horst\aXUjtEqQdlaOyGUDTouG moved successfully. C:\Users\horst\nyfuonxreNGnJLvsvrsr moved successfully. C:\Users\horst\ypyUoAuLgqdNaDnve moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully. C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully. C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully. C:\ProgramData\Temp folder moved successfully. File\Folder C:\Users\horst\*.tmp not found. 
File\Folder C:\Users\horst\AppData\*.dll not found. File\Folder C:\Users\horst\AppData\*.exe not found. C:\Users\horst\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully. C:\Users\horst\AppData\Local\Temp\firefoxjre_exe.exe moved successfully. C:\Users\horst\AppData\Local\Temp\IPx64_1031.exe moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. 
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. 
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. 
C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\horst\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Users\horst\Desktop\cmd.bat deleted successfully. C:\Users\horst\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: horst
->Temp folder emptied: 84303998 bytes
->Temporary Internet Files folder emptied: 550066584 bytes
->FireFox cache emptied: 89152992 bytes
->Google Chrome cache emptied: 6754976 bytes
->Flash cache emptied: 1706 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 522472929 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 6814846 bytes

Total Files Cleaned = 1.201,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07092013_212057

Files\Folders moved on Reboot...
C:\Users\horst\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.09.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [administrator]

09.07.2013 21:45:37
mbar-log-2013-07-09 (21-45-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 254167
Time elapsed: 22 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 7 Home Premium x64
Ran by horst on 09.07.2013 at 22:11:19,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] 24x7helpsvc
Successfully deleted: [Service] 24x7helpsvc

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{183643c8-ee67-4574-9a38-927852e34163}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{54eca872-db2a-4c6b-bbb2-f3777c6786cc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{8736c681-37a0-40c6-a0f0-4c083409151c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{01c78433-6fdf-4e5a-a82d-b535c32e03df}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{41349826-5c7f-4bf0-8279-5daf1de6e9ae}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{604ea016-1ede-41e6-a23e-76cf8f2a4808}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{b3ba5582-79a9-464d-a7fa-711c5888c6e9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{e9bbd270-4b87-4ee2-912f-6635674986c0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{506f578a-91e1-46ce-830f-e2f4268e9966}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\24x7help
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\appgraffiti
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ctoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appgraffiti.appgraffitijs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4client
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4script
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\cshared.tb4server2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\rebinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebate informer bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebatei.rebateinformimagegen
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\rebateinf.rebateinfobj
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\horst\AppData\Roaming\pcpowerspeed"
Successfully deleted: [Folder] "C:\Users\horst\appdata\locallow\appgraffiti"
Successfully deleted: [Folder] "C:\Users\horst\appdata\locallow\rebateinformer"
Successfully deleted: [Folder] "C:\Users\horst\appdata\locallow\siteranker"
Successfully deleted: [Folder] "C:\Program Files (x86)\24x7help"
Successfully deleted: [Folder] "C:\Program Files (x86)\appgraffiti"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\pcpowerspeed"
Successfully deleted: [Folder] "C:\Program Files (x86)\rebateinformer"
Successfully deleted: [Folder] "C:\Program Files (x86)\siteranker"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appgraffiti"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rebateinformer"
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{015B856F-9E8A-48E4-8A9F-6B9B93DC517A}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{026666E9-CECA-4DC1-97AE-32208D550B51}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{033C8F07-3CFF-482B-B891-D628A6016B7C}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{035E6B90-17E5-4160-90F0-8E7F1D54DBEC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{038C57A5-8F0E-48F0-A5FF-CD1D474357D6}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{03ECC1F0-8438-40A0-9B82-174020E8975B}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{04D229E5-7A92-4C08-83CD-8E079CB48225}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{05620130-13C4-4BAF-BD4D-CC44E867A6EB}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{05631235-BD58-4D24-83AF-D384A8235A12}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{05A9C0EE-0B0A-4A1D-9B19-9B06F390686E}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{06C60EC4-D550-4EE9-AFE1-A63DA50B73DC}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{07AD8E7D-6EA9-464F-BDB8-7D03D8FD40B9}
Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{0A23DDE9-0082-42AD-B699-F6A1D85AF326}
Successfully deleted: [Empty Folder]
C:\Users\horst\appdata\local\{ACB289B5-D35F-458E-837E-4D15BCBD4D3F} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AE1A4499-5EC3-41EB-BCCC-19C4F90DE13B} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AE31EAE2-688A-44B8-86C6-3429F6C5DB37} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AEEA4A97-EC0A-4FCE-9B4D-4D877BB979D2} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{AF7A793F-A84D-4E4A-8637-37CA8A994C93} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B00FADE1-6021-4FDC-946D-5A741FCC9213} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B030DA6F-B1A8-481D-86E9-2D943BEDD37F} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B0540704-256C-46E2-94A3-D5CC00EE8219} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B1BEF1B0-D985-4EB9-8D8D-2C080909B2AA} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B1E93F98-F452-49DB-BA0C-871499A9032D} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B1EAB351-DA93-4957-9EA9-A0152CD9BC39} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B240FB65-16C5-4FE3-A580-7696EF0FA300} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B26BBB6D-30A0-4238-AD56-4CFB94DA2FCF} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B3D164ED-E528-4F90-8A2D-63113FB38916} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B4524BDD-716C-485D-BCA8-4EC2263BE830} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B4BDD813-4539-4405-BE2D-1DB2FCE1EBDA} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B4E44542-1DB6-40E3-A845-45BAD556F9BC} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B5281BCA-8A32-4271-A307-DEB4C420316E} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B5F3AD13-B3E8-4382-BC86-77B38616C4AE} Successfully deleted: [Empty Folder] 
C:\Users\horst\appdata\local\{B7430050-B29B-4B44-8405-ED5456E57274} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B82DB15B-1B47-4A1F-BB7D-898F4DD863DE} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B83259AA-C238-44F9-8C24-F57CDA7F90CD} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B8791E6E-083F-495F-A408-ECDB1DD95F0D} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B8973AEE-543C-42CC-9FCA-386510598912} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B966201D-2122-4A71-9F09-6B68F5D1605F} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{B9F7CBCC-7A89-460A-AD7C-06E5E77032D9} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BA6144E2-E3E9-48A0-8FFA-A54204D174F6} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BA941A2B-CA87-42B9-AEE2-2018FF4CD15D} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BAB53742-0E5F-459A-84D3-FF853D663649} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BAD664E6-BA86-48EF-BC4B-30FCA3D80743} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BB00A3A0-4F2D-4E98-9340-C633EE6F14AE} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BB2139D7-96F9-4E8E-AEB3-50AE51BC372F} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BB65C46D-D19A-416A-83F3-E8774B8900B7} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BCC4486E-0E3E-4040-89DA-9A1A5089CF68} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD153D0E-7E99-4655-9E8F-07AEA55F3BFE} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD3F9A3C-956E-4753-93D5-E6C6B9C9820C} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD45E561-3E31-4952-A8B6-7F1897174E8B} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BD860D1F-5903-4490-8FC6-70D5E4D4EF14} Successfully deleted: [Empty Folder] 
C:\Users\horst\appdata\local\{BDB1EDF3-4F07-4B8E-9110-66317AF25B8D} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BECD95AA-7489-4BB4-88E2-4DD224DB51F5} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{BFB952EE-19A9-43CB-A365-BEF80164F7C0} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C0616D97-8DC0-4015-9F50-8420F51EB480} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C11A653A-F938-4BA2-AFE4-952EDCB22349} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C1B62BCB-25EA-4D22-A200-1AEAD3069BFC} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C29C133E-1D39-48BB-BC38-E50D8FC27139} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C2A9A891-C3AA-4102-B5CB-650A518FA248} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C376E0FB-33CE-4AB6-8811-A6C842EBF046} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C3B641DD-9659-475F-8371-CBA9E9B19D6C} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C48D1A08-4A08-47F9-8AFE-E360B72F4427} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C4CBB172-44E2-4A47-B5B3-5175820AA764} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C4D8DD8F-BA44-4552-B2A6-4B5103B3064F} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C4E5C0C2-CC2A-42AC-BB08-4D5A611D20D6} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C507F532-5D34-4004-ACB8-22F9BDE4A00D} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C5753F16-1BAC-4875-A893-319056BEDD09} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C74820BF-D6B6-489C-B3D9-47B266F03C65} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C75D574A-653A-4804-980D-F8506FE75547} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C840FF71-746A-4F70-8F4B-AC0276C88B2C} Successfully deleted: [Empty Folder] 
C:\Users\horst\appdata\local\{C97991A0-653A-4BC5-9F85-CBBB53AFA1F7} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{C9FDDC4B-1CE6-48C8-B129-A28EA8BDDFCD} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CB5572B8-356C-4640-9443-569C2439AE06} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CB57E9B6-76EE-4AAC-B7D1-A16AF669BBAA} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CC10F449-E07D-4484-9979-0086AD3EEC16} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CCEE3E38-3DBE-471A-A7AD-4F2ECF70D935} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CDE790B5-A741-4107-818D-94D361F39667} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CE47A1FC-6EB2-47A7-8C06-2039DF88C1C3} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CECC6588-607B-4E00-A8A1-A6BB8F874CAA} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{CF734D8E-5C3B-48F9-8DD3-E334D4E9C49D} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D0675921-5CB6-4EE2-9D40-D6D7EE83E544} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D1837D0B-DB7B-41C6-B1AB-1ADBDFCEE7B8} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D1A169A4-8D14-4EA0-9313-233154D0A495} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D2818443-9CB5-4A0B-AC59-CF2F9CEA56B6} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D4BC713D-4D36-453A-B255-8B64C0C3B1CC} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D5155E5F-3FC7-4957-997E-963ED75EAA08} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D5257B1F-05A6-4F18-8B6E-3E08E52AD109} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D5932939-F2C5-4804-9C8F-C6E62DB842B5} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D6C6DF2F-52EF-40F5-80C9-40D786049420} Successfully deleted: [Empty Folder] 
C:\Users\horst\appdata\local\{D6FC8460-D41C-4C00-B566-2EBABE2835CC} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D70DA121-5199-4A50-B30A-AB59AF791F39} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D92EA4F9-32A1-4E0C-9DC0-C394B3B5A976} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D9A8D8C2-7653-4377-8D89-6CA3B90129BF} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{D9EBE4F6-10EE-4170-A603-B0CF6068A560} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DA1188CC-6C96-488B-A48F-1FBCB8465E2A} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DA567C99-97FE-46A1-BF63-E469FF3610B7} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DA86739F-F3EA-43F5-A710-954111E3AA5F} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DAC6E282-0450-48BF-A87B-A5971DF3C3C3} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DAE760B4-9A9D-49D3-954C-43B245FCBB9C} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DBC15C5D-455C-463D-B31B-BA9899376988} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DD4E0032-B01A-40ED-A9E2-38E9D63AAE68} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DD9028C5-49F2-4B73-83AD-A340555F253D} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DD9762B4-37C3-4237-99D0-A9A85747C609} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DDA9F38C-6D34-4901-9E06-E66DD5D616AF} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DEDAC9D2-8046-462D-9ABA-A5BBB927BF65} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DF03D06C-A3FA-471F-92AB-495C0A0A54CA} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DF73949B-7234-4E85-9329-0F1169343D94} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{DF99FFDD-EBA7-44F3-92DA-70F989B4AF74} Successfully deleted: [Empty Folder] 
C:\Users\horst\appdata\local\{DFA5B2D3-1337-45F2-AEDF-B90698E3F941} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E2838B2D-9FC3-4161-8200-AEB01ABA5481} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E3C69BEC-824B-4763-AD29-3DB326D3F19A} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E5DB6A41-4418-4986-8DA4-81815E839F96} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E5ED1D70-D420-4B50-9A15-35B2804D10B7} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E6294DF9-1482-4464-8A1A-AB074F9E10FC} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E6BF8B8D-1CA7-4EF4-8237-D45D00794273} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E746DA4B-4114-4C12-BB91-5A439F1A113C} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E75DE664-2F04-420F-B23F-BCF79F01979B} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E7DBE4FF-A333-41E9-B1E6-82BAABCB3B01} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E85AE1ED-A62D-4487-8833-1F5096A35BC3} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E86AEE8F-5E30-4ED4-8F2C-D104AC04123B} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E8FFB9FD-DE3F-45C1-BAD4-0B48851535E5} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E9B7DDFD-2C8A-40A3-9628-F5702879E940} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{E9EC2749-EB8D-42C9-A2F1-FA29721BC776} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EA3F551A-ADC6-4C1D-AD7D-24FAD67DD5CB} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EA5AB803-3B00-40F5-8A99-B458338F7049} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EA686A0C-3409-419B-89A2-85BC7F9D3F54} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EBAE1865-0967-4C27-B3A5-2C3F0B9C7DC4} Successfully deleted: [Empty Folder] 
C:\Users\horst\appdata\local\{EBC981EE-5F6E-4CE1-A585-2DAF244B4959} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EC3E3737-E3B5-4C0B-AB70-16EEA9AA11E9} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{ED87E034-D190-4CF4-AD65-0EBFFD8C8A11} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EDB4685F-CA54-4838-8494-7D763618AAEF} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EDCE4B2B-069F-433D-9B5E-38E2ED7D6BB2} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{EF8A453B-87CF-46BA-AF45-36B35484490B} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F158389C-96FA-4069-B37C-3F80590115B1} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F1D62AC5-9AF6-415E-A384-49AD7AFB7910} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F2355858-DD49-4E7D-BC4E-0C643912FB55} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F2B9ECAD-6920-4850-B28A-D8227373DBEB} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F3099D76-A7F6-468E-ADAB-D0942DE15D0B} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F3234477-52F0-45EF-9866-2FD03E488C5F} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F34B4AD7-0B89-4716-B8F4-9BEC2D69861B} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F3807E2B-BD4D-4E8F-A8F7-AF4FC78C35C2} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F4256103-7666-491F-B295-86791701D8B0} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F47B0726-635F-4B62-83B6-A3A57EC93A8E} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F54B3449-DD18-4409-B358-B47AF29EE8A7} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F5CC14B9-126D-4DDA-B31F-9FAA72EDCFCA} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F5CD7442-EFFB-4332-83B5-6B8ABF114598} Successfully deleted: [Empty Folder] 
C:\Users\horst\appdata\local\{F5ECE9A1-4E91-47BD-9AFF-69EFC138E818} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F664FA4F-A781-44D9-9E97-884FC6ED5DB1} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F74F0087-5346-4D33-A0C5-2C766B7E2F85} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F7DA0EB3-BB5D-4796-8EBE-A8E9736893CE} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{F8A20F0A-F147-4E5F-B004-A25D2F089B30} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FB93F39D-6B95-4F8A-B10B-3190AED3EEB3} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FBB5481E-6F39-422E-B062-6E9AAB79ADC6} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FC8543CC-227B-4E64-A3B4-F03B425209C1} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FD16BDBF-9307-4130-BB75-B40E17611786} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FD4BAEDA-E437-4CD8-8849-CD1851829C11} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FD97DD6D-E6DF-4748-8283-C010F992C649} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FE73CCE7-32F9-4D0D-9349-012AA3912BED} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FF454EB7-5ED2-4E47-9D45-38ECF0688A03} Successfully deleted: [Empty Folder] C:\Users\horst\appdata\local\{FFECE7DB-3186-4E30-AD9C-2417E7761D34} ~~~ FireFox Successfully deleted: [File] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\user.js Successfully deleted: [Folder] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\extensions\appgraffiti@appgraffiti.com Successfully deleted: [Folder] C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\extensions\staged Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\siteranker@siteranker.com Emptied folder: 
C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\minidumps [16 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.07.2013 at 22:15:46,42 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
10.07.2013, 18:25 | #8 |
/// Helper Team | Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? OK! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Then: ESET Online Scanner
Then: Please download SecurityCheck and:
|
10.07.2013, 19:22 | #9 |
| Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? Great, thank you very much! Here is the ASW log Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-10 20:14:00
-----------------------------
20:14:00.707 OS Version: Windows x64 6.1.7600
20:14:00.707 Number of processors: 8 586 0x2A07
20:14:00.707 ComputerName: HORST-PC UserName: horst
20:14:02.829 Initialize success
20:14:30.223 AVAST engine defs: 13071001
20:15:01.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:15:01.454 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
20:15:01.563 Disk 0 MBR read successfully
20:15:01.579 Disk 0 MBR scan
20:15:01.579 Disk 0 Windows 7 default MBR code
20:15:01.594 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
20:15:01.610 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 244189 MB offset 52430848
20:15:01.626 Disk 0 Partition - 00 0F Extended LBA 340688 MB offset 552531968
20:15:01.657 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 340687 MB offset 552534016
20:15:01.797 Disk 0 scanning C:\Windows\system32\drivers
20:15:13.014 Service scanning
20:15:45.727 Modules scanning
20:15:45.727 Disk 0 trace - called modules:
20:15:45.774 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
20:15:45.774 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142060]
20:15:45.774 3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> [0xfffffa8004b1e910]
20:15:45.789 5 ACPI.sys[fffff88000f93781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b22050]
20:15:47.162 AVAST engine scan C:\Windows
20:15:51.093 AVAST engine scan C:\Windows\system32
20:18:43.789 AVAST engine scan C:\Windows\system32\drivers
20:18:55.579 AVAST engine scan C:\Users\horst
20:20:16.884 AVAST engine scan C:\ProgramData
20:21:07.210 Scan finished successfully
20:21:54.572 Disk 0 MBR has been saved successfully to "C:\Users\horst\Desktop\MBR.dat"
20:21:54.572 The log file has been saved successfully to "C:\Users\horst\Desktop\aswMBR.txt"
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=13257
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 08:25:44
# local_time=2013-02-28 09:25:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 40520270 113669794 0 0
# scanned=36228
# found=0
# cleaned=0
# scan_time=4699
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=13259
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 11:55:47
# local_time=2013-02-28 12:55:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 40532873 113682397 0 0
# scanned=413279
# found=1
# cleaned=0
# scan_time=10431
sh=FE5AA6537A7AF2AD5A7268973DB825F5CF07DE0D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\HORST-PC\Backup Set 2013-02-18 131410\Backup Files 2013-02-18 131410\Backup files 1.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=14346
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-10 08:23:30
# local_time=2013-07-10 10:23:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 51971736 125117660 0 0
# scanned=403013
# found=2
# cleaned=0
# scan_time=7139
sh=91995D94CB0B57F540C98CF0F34FC599C7376C68 ft=1 fh=ba222c6d0688f8dd vn="a variant of Win32/Kryptik.AVXQ trojan" ac=I fn="C:\_OTL\MovedFiles\07092013_212057\C_Users\horst\AppData\Roaming\userj.exe"
sh=FE5AA6537A7AF2AD5A7268973DB825F5CF07DE0D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\HORST-PC\Backup Set 2013-02-18 131410\Backup Files 2013-02-18 131410\Backup files 1.zip"
Code:
Results of screen317's Security Check version 0.99.68
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100 Out of date Malwarebytes Anti-Malware installed!
Java(TM) 6 Update 21
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 25.0.1364.97
Google Chrome 28.0.1500.71
````````Process Check: objlist.exe by Laurent````````
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |
11.07.2013, 19:54 | #10 |
/// Helper Team | Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? Install all Windows updates, incl. Service Pack! http://windowsupdate.microsoft.com Update Java Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards, post (copy and paste) what is shown to you here: PluginCheck Disable Java Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html Afterwards, post (copy and paste) what is shown to you here: PluginCheck Update:
|
13.07.2013, 16:15 | #11 |
| Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? Hello t'john, thanks again for your help, but I want to make sure once more that we are both pursuing the same goal. All I really care about is decrypting this encrypted data in some way. We have completely reinstalled the system on a new disk and installed all updates etc. Regards |
13.07.2013, 17:52 | #12 |
/// Helper Team | Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? |
14.07.2013, 11:17 | #13 |
| Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? Thank you very much for your help. I have now found a backup on the D: partition after all, made with the built-in Windows tools. If I now have an encrypted file and an original file, can anything be achieved with that? Regards |
14.07.2013, 11:42 | #14 |
/// Helper Team | Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? You shouldn't get your hopes up too much. Most files can only be restored through shadow copies and backups. |
17.07.2013, 22:32 | #15 |
| Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do? It has now been resolved: the Windows backup gave me the data I needed, so the matter is settled. Tell me, if I low-level format the disk, can I keep using it, or could there theoretically still be a virus on it? |