| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Guv und E-Mail Delivery ProblemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.05.2013, 22:45
| #1 |
 |  Guv und E-Mail Delivery Problem Hallo hatte vor einiger Zeit den BKA Trojaner auf meinem Pc hab es soweit geschafft das er bis jetzt nicht mehr aufgetaucht ist. Seit gestern wird mein E-Mail Postfach mit hunderten Mails die ihren Absender nicht erreichen können zugemüllt. Habe einige Funde mit Eset und Malwarebyts. Hätte gerne Hilfe bei der Überprüfung und Bereinigung. Danke Code:
ATTFilter OTL logfile created on: 26.05.2013 23:02:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free 15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.07 17:42:40 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe PRC - [2012.11.26 16:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2013.05.17 07:05:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.17 07:04:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll MOD - [2013.01.10 09:35:48 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 09:35:37 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 09:35:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 09:35:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.16 07:11:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.23 07:25:12 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.23 07:24:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011.10.14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.22 13:20:22 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 13:20:18 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.04 03:37:13 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37) DRV:64bit: - [2013.04.23 07:25:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.23 07:25:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.23 07:25:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.04.06 23:43:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.04.06 23:43:38 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.10 14:52:00 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 14:52:00 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.07.29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 37 51 61 D2 97 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE456 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.10.09 18:04:27 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Michael\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28E644A4-B088-4A69-8BBC-E031A6DFF6B8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.11 00:46:44 | 000,564,218 | R--- | M] () - D:\Autorun.dbd -- [ UDF ] O32 - AutoRun File - [2007.08.31 20:16:25 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007.09.06 08:18:49 | 000,004,039 | R--- | M] () - D:\Autorun.txt -- [ UDF ] O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e2877e80-03c0-11e1-92d7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2007.09.14 07:34:33 | 000,132,416 | R--- | M] (Macrovision Corporation) O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.26 23:01:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2013.05.26 22:51:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{44F915F1-BE97-403D-95A9-FAA2BE8DAF7E} [2013.05.25 23:20:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{02CF1C4B-55AC-4FE2-944A-035500DF9D72} [2013.05.25 00:10:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{22717D86-FCB1-4D72-8CDA-FF6BDB65AB17} [2013.05.24 08:19:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7188C3E8-5ADF-462E-A9F0-DA340544B362} [2013.05.23 22:07:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{CE429DE4-6BF6-4CBE-9EA7-085DA973E6DC} [2013.05.22 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B966BF51-FCAB-4AC6-85AE-928D82ECE6CE} [2013.05.21 19:21:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{60257324-7915-42A4-959F-7261D8B4849A} [2013.05.21 17:14:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6DFEC746-BD6B-4116-8700-61D32860B826} [2013.05.21 04:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.20 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5987C990-A22B-47BD-9724-08D255AD2296} [2013.05.20 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C747B03-84B9-4516-A7F4-A0739DD923DE} [2013.05.20 04:15:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FC276344-0302-4744-AF02-009F3FAE1937} [2013.05.19 16:49:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{BFFE6FD9-FEA6-45A4-90AE-270E09580AD9} [2013.05.17 21:05:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F6CB7BB1-69FA-4340-8CAF-983C8A989F52} [2013.05.17 07:06:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{422930D0-B636-46CA-9F88-333297AEC370} [2013.05.16 07:07:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F3AF719B-C85F-4C1B-B746-1B21BA0A2ED6} [2013.05.14 08:08:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{5C818CAB-B0C0-4B6A-A7C8-95B22838E9DE} [2013.05.13 07:13:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{7B9AACB9-BE60-4B86-9A98-1F5A39646E21} [2013.05.12 18:16:18 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{81B73316-4FD5-41F2-BBE1-B6F607253A89} [2013.05.12 18:07:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{6D9ABE48-BBC1-4B8F-B26B-0A15ECF43B85} [2013.05.11 22:19:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{45D4BFA1-148D-49FF-9D81-4C9D2D9C5697} [2013.05.11 22:18:05 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2013.05.10 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{EE8D926D-EA9C-4ED5-AD88-C33C0945909A} [2013.05.10 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F47B6CB7-89F1-4437-8441-3F5A8DBEDF8C} [2013.05.08 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{F80D56F2-BF46-42C0-9743-AFD02CBB2BB3} [2013.05.07 17:43:35 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{578C940A-0C27-4290-88FE-61434C0D9F34} [2013.05.06 20:53:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{DA7ABC83-A740-4B13-B781-4F26CF971AD1} [2013.05.05 14:09:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{05F8722C-D1BE-4822-85EC-74B0F5BEC24F} [2013.05.04 13:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.05.04 03:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.05.03 17:28:36 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{12BE1E96-2F0A-407F-AEA6-934E91B72746} [2013.05.03 02:25:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\BugReport1 [2013.05.02 21:26:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B6F57F5A-C6BC-4A86-8A98-2B316FB080F7} [2013.05.01 22:32:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{B655216E-7FED-441F-83EE-E074F7589B80} [2013.05.01 03:36:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{E64DA07A-EA51-48B6-9E91-3584310479E1} [2013.04.30 00:16:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{D0C41B48-31B3-4AC0-96AD-2A8A18A0A5F9} [2013.04.28 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{0A6B2A2E-94F2-4FD6-97AE-25F05289699D} [2013.04.28 01:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ [2013.04.27 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{FEF1AC6F-13CE-4A7C-BF84-E44E344276DA} [2013.04.27 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{310F2E09-EE1B-49D1-A3BB-F1019F29C619} [2013.04.27 14:00:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{76D60E98-7EC0-451C-8A0D-EB27CA991BD0} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.26 23:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2013.05.26 23:00:26 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable [2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.26 22:34:12 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.26 22:31:51 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.26 22:31:51 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.26 22:31:51 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.26 22:31:51 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.26 22:31:51 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.26 22:28:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.26 22:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.26 22:25:36 | 2132,733,951 | -HS- | M] () -- C:\hiberfil.sys [2013.05.26 10:13:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000UA.job [2013.05.26 10:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.26 10:07:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.21 19:13:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3315472771-574270051-2816021824-1000Core.job [2013.05.21 04:02:39 | 000,000,748 | ---- | M] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk [2013.05.17 07:02:51 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.07 17:43:26 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 14:32:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\of0dzj.pad [2013.05.04 03:37:13 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.04 03:36:02 | 000,000,660 | ---- | M] () -- C:\Windows\SysNative\.crusader [2013.05.04 02:34:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\otolfot.pad [2013.05.04 01:14:59 | 000,000,153 | ---- | M] () -- C:\ProgramData\otolfot.reg [2013.04.27 08:45:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.26 23:00:26 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable [2013.05.21 04:02:39 | 000,000,748 | ---- | C] () -- C:\Users\Michael\Desktop\Internet Security 2013.lnk [2013.05.05 14:31:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\of0dzj.pad [2013.05.04 03:37:13 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2013.05.04 03:36:02 | 000,000,660 | ---- | C] () -- C:\Windows\SysNative\.crusader [2013.05.04 01:14:59 | 000,000,153 | ---- | C] () -- C:\ProgramData\otolfot.reg [2013.05.04 01:14:55 | 095,023,320 | ---- | C] () -- C:\ProgramData\otolfot.pad [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.05 09:55:21 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin [2012.03.05 09:55:13 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.11.11 18:13:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.10.31 16:20:59 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.31 15:20:55 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe [2011.10.31 15:20:54 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll [2011.10.31 15:20:54 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL [2011.10.28 12:08:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.09 07:29:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2013.02.09 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.29 23:11:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Might & Magic Heroes VI [2012.10.09 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenCandy [2013.03.19 04:20:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client [2011.10.31 16:22:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP [2012.01.17 01:02:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.05.2013 23:02:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,38 Gb Available Physical Memory | 79,94% Memory free
15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 690,75 Gb Free Space | 74,16% Space Free | Partition Type: NTFS
Drive D: | 6,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCA3834-A8CE-4356-91D4-FD165D55D3A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{1634136F-61C7-42F5-8CA8-3829FAAA15F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{18E71BE3-0257-45F8-99FC-576F4594CFE9}" = rport=445 | protocol=6 | dir=out | app=system |
"{2AC7F5F2-2179-4754-A80B-9ACDBE8E5414}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{36001E02-9511-4148-A1CB-5BFBDEC106D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4093E066-F5BA-4265-97B9-E71852A0CD7F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4B92CC98-33BE-4676-B464-4C637956F827}" = rport=138 | protocol=17 | dir=out | app=system |
"{A12E3E2D-C14B-4101-BD9D-25A1F4F979C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A802133D-F076-48F8-9E71-A1787244B02E}" = lport=445 | protocol=6 | dir=in | app=system |
"{AB8C58D3-00D3-46E2-86F3-9D515B52EC19}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B000326E-D0A3-4089-99E6-C4AA7C5E7C74}" = lport=137 | protocol=17 | dir=in | app=system |
"{C407048E-1A02-469F-81DE-7C3750FEC3B8}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECE6714D-8CD4-4C5E-8424-9DF3E7223BED}" = lport=138 | protocol=17 | dir=in | app=system |
"{F5C48E3C-01FF-4899-8C9A-DFE3AAC76F98}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F31979-F3CE-4CF1-9AED-A03527B0F630}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{08254108-BE65-4E94-9E72-43595BB7513D}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{0A4357EF-F1FA-471E-A460-BD6A5724CBAC}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{0DB513B7-B296-478C-9E6A-575C0C79729E}" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"{1A124D59-C4E0-472C-8C61-F37AE5D8D911}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{237B0849-502D-457A-9B2A-2BD428BE7571}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{23F2B678-9E02-4CB0-A92A-A19F01399D72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{2FB65FF3-1DA6-4381-946C-B77CAB1201BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{300B4EA3-0E19-4C0B-95F9-295394A4278F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{396A0929-5972-479A-A738-30F8B45C51A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{424D14F0-2AD6-4448-B0B6-47C12F1F1A84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43E61A1D-A9E3-49E3-A5D0-E3E524BA65EF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{46A7495F-15B2-4FFB-A6BB-377ED1F79845}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{48A6A251-401E-40C2-BB1A-4CC73F334C73}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{4A8BAA03-696F-4A92-8DC7-0273EA5C14D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{50B21174-A1D1-4F29-ADFF-1207BE8013B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52A768A5-8DFC-4B3C-BA70-7AEF2D0D8D78}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{5ECDD369-C613-4378-8EAF-E27F71C2D939}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{69A56E0F-04A6-44B0-B5BF-25FEF3127BB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{77E14D4E-403D-45C3-9B92-93F9CF2BF1A1}" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"{80D64F81-49EB-4841-A8C0-11451EC85E09}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{86CB2C5D-CE1C-4662-ADEB-324CD1398A37}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{89BFDADA-B784-44A6-913A-3219791E6515}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{90616361-8883-4F98-A042-F10F71ED71B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{9C56BA08-EFCD-442B-8BFB-E143BF062644}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{A0D2D4B2-0561-4127-ABE4-2ED2D598596B}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{A5BCDA97-0D7F-4641-AAC2-6971017BE14F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{A74C229C-6205-404B-93F7-45EB47BD859C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A80A50C9-FBCE-4EEF-BF7E-B95FC9227D70}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{BCF98A06-365E-4769-887D-2FFA9C0BEB84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe |
"{BD0ADC10-6247-418E-AE23-BCBAA0479FB5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CB2112DE-B2ED-4182-9BDC-3D442FF41D80}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{CE176AF2-57F0-4BD5-A9D2-9B5C611637AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEB0A350-DAE0-44D6-AB4B-7E5E7B7C82A4}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{D4587E3C-D791-4178-95B5-972734FF04A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{D6C35CCD-83C8-4E9E-90B2-D449587365BF}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{DBBC4C3C-A053-4473-890F-E23E6D166AB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA8321CF-DC9A-43A7-BC48-68A536433B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{ED4760AE-90E4-4494-A764-CD9B9FADDC6F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{F3513547-D4F9-4FEF-8EB9-335337B35CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F74A392B-6122-4C62-B02B-89A7A65265DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"TCP Query User{821A4437-9E3C-4679-8E22-4450EA2B2510}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
"UDP Query User{8F03911D-35F5-4F5D-9AA3-84CE636361B7}C:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\bugreport\bugreport.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40F95BFE-36CF-481F-B7D9-8D8F2F3369F9}" = TSDoctor
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DC0FCEDB-11AE-4D88-8633-537292C3E705}" = Commandos 3 - Destination Berlin
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BH - RT" = BH - RT
"Company of Heroes" = Company of Heroes
"ContentMod_2.6" = ContentMod2.6
"D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (deinstallieren)
"Diablo II" = Diablo II
"ESET Online Scanner" = ESET Online Scanner v3
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"G3QP231012008_is1" = Questpaket 4 Update 2 Deinstallation
"Green Devils" = Green Devils
"HaaliMkx" = Haali Media Splitter
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PokerStars" = PokerStars
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Steam App 40390" = Risen 2 - Dark Waters
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.10.2012 16:11:51 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DslMgrSvc.exe, Version: 6.91.8434.1,
Zeitstempel: 0x4900aa18 Name des fehlerhaften Moduls: DslMgrSvc.exe, Version: 6.91.8434.1,
Zeitstempel: 0x4900aa18 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c41a ID des fehlerhaften
Prozesses: 0xe00 Startzeit der fehlerhaften Anwendung: 0x01cda17efdeaeb5e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe Pfad des
fehlerhaften Moduls: C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe Berichtskennung:
91583613-0d96-11e2-ba70-5404a67f4cb8
Error - 03.10.2012 18:35:11 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0046cede ID des fehlerhaften
Prozesses: 0x13f8 Startzeit der fehlerhaften Anwendung: 0x01cda187f78028c4 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
97471daa-0daa-11e2-ba70-5404a67f4cb8
Error - 03.10.2012 21:12:55 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000030 ID des fehlerhaften
Prozesses: 0x9dc Startzeit der fehlerhaften Anwendung: 0x01cda1b785596f8c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a042cebc-0dc0-11e2-ba70-5404a67f4cb8
Error - 03.10.2012 21:34:43 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xcb0 Startzeit der fehlerhaften Anwendung: 0x01cda1cd90850aa4 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: abe3a05a-0dc3-11e2-ba70-5404a67f4cb8
Error - 05.10.2012 06:07:24 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000d7bb4 ID des fehlerhaften
Prozesses: 0x2c8 Startzeit der fehlerhaften Anwendung: 0x01cda2aa509d3828 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
74d16d43-0ed4-11e2-8ae0-5404a67f4cb8
Error - 05.10.2012 16:26:02 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00199b9e ID des fehlerhaften
Prozesses: 0x118c Startzeit der fehlerhaften Anwendung: 0x01cda315a0c9b95f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
e103dfaf-0f2a-11e2-9598-5404a67f4cb8
Error - 05.10.2012 16:30:44 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Name des fehlerhaften Moduls: DAOrigins.exe, Version: 1.5.13263.0,
Zeitstempel: 0x4eb1a54c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000d7bb4 ID des fehlerhaften
Prozesses: 0xb84 Startzeit der fehlerhaften Anwendung: 0x01cda337be006c43 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Dragon Age\bin_ship\DAOrigins.exe
Berichtskennung:
890f02c7-0f2b-11e2-9598-5404a67f4cb8
Error - 07.10.2012 13:43:44 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
Error - 07.10.2012 14:26:40 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
Error - 07.10.2012 14:45:16 | Computer Name = Michael-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
[ System Events ]
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Multimediaklassenplaner" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 26.05.2013 16:27:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
Millisekunden durchgeführt: Neustart des Diensts.
Error - 26.05.2013 16:28:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts)
durchzuführen, ist fehlgeschlagen. Fehler: %%1056
Error - 26.05.2013 16:29:07 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-26 23:27:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SM rev.1AJ10206 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliifow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Users\Michael\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2648] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074f01465 2 bytes [F0, 74]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074f014bb 2 bytes [F0, 74]
.text ... * 2
---- EOF - GMER 2.1 ----
Exploit Drop GS Trojan Agent.gen Rundll32.exe Trojan Fake.Ms Trojan Agent.gen HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run/ctfmon.exe Logfile von Eset ist leider nicht mehr vorhanden Danke für die Hilfe Muss ich die Funde aus der Quarantäne löschen? MFG Meister G Geändert von Meister G. (26.05.2013 um 22:52 Uhr) |
|
27.05.2013, 09:03
| #2 | |
| /// Helfer-Team  | Guv und E-Mail Delivery Problem Zitat:
(Reiter Logdateien) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
[2013.05.05 14:32:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\of0dzj.pad
[2013.05.04 02:34:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\otolfot.pad
[2013.05.04 01:14:59 | 000,000,153 | ---- | M] () -- C:\ProgramData\otolfot.reg
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Michael\*.tmp
C:\Users\Michael\AppData\*.dll
C:\Users\Michael\AppData\*.exe
C:\Users\Michael\AppData\Local\Temp\*.exe
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
27.05.2013, 12:55
| #3 |
| | Guv und E-Mail Delivery Problem Hallo hier erstmal die Logs von Avira und Antimalware. Hab gestern, nach Treaderstellung einige Games und nicht mehr benötigte Programme gelöscht, muss ich jetzt otl und GMER nochmal ausführen und die Logs posten, oder kann ich wie beschrieben fortfahren?
__________________Code:
ATTFilter Exportierte Ereignisse:
25.05.2013 23:24 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\AppData\Local\Temp\BDF8.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ec1af47.qua'
verschoben!
25.05.2013 23:24 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\AppData\Local\Temp\C77B.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '566980fd.qua'
verschoben!
25.05.2013 23:23 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\AppData\Local\Temp\BDF8.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
25.05.2013 23:23 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\AppData\Local\Temp\C77B.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Fake.Rean.2121' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
21.05.2013 04:03 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\AppData\Roaming\amsecure.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a047876.qua'
verschoben!
21.05.2013 04:03 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\AppData\Local\Temp\23642372.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.176162.2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '414e5797.qua'
verschoben!
21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\AppData\Roaming\amsecure.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\AppData\Local\Temp\23642372.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.176162.2' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\AppData\Local\Temp\23642372.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.176162.2' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
21.05.2013 04:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\AppData\Roaming\amsecure.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
07.05.2013 17:44 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michael\4475414.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.R.279' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59a0b51f.qua'
verschoben!
07.05.2013 17:43 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\4475414.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Reveton.R.279' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
07.05.2013 17:43 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michael\4475414.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Reveton.R.279' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.05.2013 02:53 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\otolfot.js'
enthielt einen Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59c5f3a5.qua'
verschoben!
04.05.2013 02:52 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\otolfot.js'
wurde ein Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.05.2013 01:15 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\otolfot.js'
enthielt einen Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '560ad7d2.qua'
verschoben!
04.05.2013 01:15 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\otolfot.js'
wurde ein Virus oder unerwünschtes Programm 'JS/Agent.480412' [virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.25.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Michael :: MICHAEL-PC [Administrator] 25.05.2013 23:23:13 mbam-log-2013-05-25 (23-23-13).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 217264 Laufzeit: 3 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\ProgramData\jzd0fo.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
27.05.2013, 14:51
| #4 |
| /// Helfer-Team | Guv und E-Mail Delivery Problem Bitte die Schritte abarbeiten: http://www.trojaner-board.de/135599-...ml#post1070983 |
|
27.05.2013, 16:39
| #5 |
| | Guv und E-Mail Delivery Problem otl Code:
ATTFilter All processes killed
========== OTL ==========
C:\ProgramData\of0dzj.pad moved successfully.
C:\ProgramData\otolfot.pad moved successfully.
C:\ProgramData\otolfot.reg moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Michael\*.tmp not found.
File\Folder C:\Users\Michael\AppData\*.dll not found.
File\Folder C:\Users\Michael\AppData\*.exe not found.
C:\Users\Michael\AppData\Local\Temp\aoe3x-106-german.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jinstaller142_19.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\standalonepatcherX.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\The Godfather The Game_uninst.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp1CE2.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp230A.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp30C0.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp3F9E.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp41EF.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp5FDA.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp8046.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmp981A.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmpA285.exe moved successfully.
C:\Users\Michael\AppData\Local\Temp\tmpAA33.exe moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Michael\Desktop\cmd.bat deleted successfully.
C:\Users\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Michael
->Temp folder emptied: 328592526 bytes
->Temporary Internet Files folder emptied: 6341585741 bytes
->Flash cache emptied: 108152 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 475912285 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95672 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 2133 bytes
Total Files Cleaned = 6.815,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05272013_164759
Files\Folders moved on Reboot...
C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16576
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8570269696, free: 6570565632
Downloaded database version: v2013.05.27.05
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
05/27/2013 17:19:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\iertutil.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800929a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa800929ab60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007d93060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8007ad9060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007d93060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d93b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007d93060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007ad7520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007ad9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 535D54EB
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953314816
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800929a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007c12b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800929a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800929ab60, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D2270544
Partition information:
Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 31262490
Partition file system is FAT32
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 16008609792 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 27/05/2013 um 17:31:01 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Michael - MICHAEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Michael\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=e882c2ee-ca2a-4b36-8c2d-3152a76849b8&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
*************************
AdwCleaner[S1].txt - [2913 octets] - [27/05/2013 17:31:01]
########## EOF - C:\AdwCleaner[S1].txt - [2973 octets] ##########
|
|
27.05.2013, 17:33
| #6 |
| /// Helfer-Team | Guv und E-Mail Delivery Problem Bitte das richtige MBAR Log posten (siehe Anleitung) Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ --> Guv und E-Mail Delivery Problem |
|
27.05.2013, 20:22
| #7 |
| | Guv und E-Mail Delivery ProblemCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.05.27.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Michael :: MICHAEL-PC [administrator]
27.05.2013 17:19:40
mbar-log-2013-05-27 (17-19-40).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 232388
Time elapsed: 5 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Michael on 27.05.2013 at 21:18:15,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0151EA77-6F7C-4F2D-BDC4-EFE8E5A329BA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{017ECDCE-2CC8-499B-93CB-652492EB57CF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{021B0CEB-04C5-40EA-BD6B-630B0B80F72C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{023D7E98-F054-49EF-84FC-A808B5AEB06E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{026ADA08-6FA7-4F8B-9C8D-6FF94BD82F87}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{027BE3B6-7D11-4A49-95E7-66A4AC30A6AB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{028D8F8D-A8F4-4986-8E8B-16971B69A704}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{029FDAF1-2007-42E8-9827-0BFF3CF5A4AD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02B149B1-AC3C-4485-B84A-FA5A6FDF0B24}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02CF1C4B-55AC-4FE2-944A-035500DF9D72}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{02EA636A-D1A4-4711-8E88-8066E48F5BFB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{031D0614-959A-4C7C-BC51-F7418A162A01}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{03477F02-4EF4-4110-800C-759DC0F94FAC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{03EC691F-77F1-42EC-913D-A78B851DD6A7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{049C0F21-AF0A-46D1-8661-3114EF687E23}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{04D3BADF-DA25-49B4-A461-912662877591}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{04D4B7A8-A06E-473B-B192-D547D543B4D8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0566A59A-819F-4393-862A-0C55278A228C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{05AB608F-7F53-43D7-BF15-CFBBB15ABEB6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{05F8722C-D1BE-4822-85EC-74B0F5BEC24F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{063B4A8A-C54E-4750-9D05-EE0F16B0F111}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{065FBF7B-EFAD-41F4-875F-CE596EA9E599}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0674F5E1-F519-410D-A540-6ABA3FDD6979}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{068C38F4-0C0F-43DD-99E1-351AC389765E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{07CFA64F-2916-4079-82CF-73EA513912DD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{082F8BF1-81D3-4495-9B02-72F437CA7FBF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0898AC32-F46C-4FF2-B9DE-2895CAA8B94F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{089B594B-A1A6-47DB-8BBD-B7085E3258FD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{089B786B-2C71-40BE-B854-A8BC3526791B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0924014C-DBF4-485B-9185-43A53851C882}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{09AF5D22-9603-428E-8956-0901D27BDD69}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{09C10C89-FFDE-4B12-9A87-CEF9EFED9DB5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0A511864-F16F-4531-8766-03C1B837EFB6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0A6B2A2E-94F2-4FD6-97AE-25F05289699D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0A878EA7-E022-4D14-9946-89FD4D43A8DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0AA869B2-093F-4244-9C69-35AF10027475}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0AF71F4D-629E-409E-B194-A951F9624049}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0BCA9FD7-A338-4AE7-A29E-9091CD1A19A2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0C55A0A0-A4B8-4843-949F-33F9F16B5B4D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0CC1CD70-C81F-4FB4-AE55-E164CDE2137D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0CC25522-7A35-4B4A-9A71-7D7EEBA0BCD9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0D3ABD07-D6C3-4815-BF83-3ED02A55DC5B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0DF46A3F-181D-4F74-AF3B-2FD78E1F6B65}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E762CD7-6020-49DE-8760-8D39CD0669D5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0E950A94-14C2-44C1-83EE-A28A8688C07D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0EE6E5AB-F091-469A-BAA5-BAFB23B10A9B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0F047245-62E1-4FD3-B66D-DCFE4E968972}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{0FB286D4-9716-43E6-81F0-21E46DC3B5EC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1017A19F-8368-4647-8B68-7817C971F04A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{10E4FD72-2F6E-4CD8-99C3-F2E48D5B0BBF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1101F50D-916F-4A74-8825-D26FAC4F7A07}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{115297E5-AEEE-4C00-A903-959ADED8D911}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{11890572-476A-45D3-906D-3344D26090D5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{11A79D5A-4F5C-4ED1-8F6B-6E80AECE29B1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{12BE1E96-2F0A-407F-AEA6-934E91B72746}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{12D49E0A-6DF4-4A63-8B4E-814FA82205F6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{12DBD530-8F83-47B4-94C4-58D6A7DB9499}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{14147918-C859-4E3A-B35A-7B12E5822BA5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{157DD684-1B23-4F7B-AE3B-2FE3E9F202F3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{158E7ABB-2590-406B-A4EA-814C063D247B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{163E0034-FD8F-425A-92D9-5226A52B5187}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{167D97BF-56CC-48A0-B08D-1C4B0E14A5C9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{16862D31-CC4E-46B8-B9FB-7FD4ED3C0EDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{17745DC0-E7CC-4EB4-9E7B-750E05C5103F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{177EA65D-9AF5-49F9-8E99-F1832F30F075}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{18F30739-8EE0-428F-AD52-FE08402482D0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1903DB33-6E24-4439-8C56-5C5958CBBC8D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{196D363A-8992-4C4C-A897-94BCA6A4B957}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{19CD2A14-E3B0-46D7-B340-F91728C092AC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{19F902AA-640B-4B64-B5DA-FCBAFE6D876E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{19FC2F12-70B2-47B0-8458-2B2E05482A43}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1A15A6AD-1AA8-45E1-AAA9-146FA1B9576B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1BB295C4-8F97-4C80-9FFE-8CAD002CCC98}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1CF141F0-0AF0-4704-A2DF-96CEE2F49E49}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1D2E351F-0E02-4860-8999-146F79CAE7EA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1D4DB878-6FDA-4617-AB47-7CABE023D2D5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1DA23F04-A7E5-47D7-A998-2607CB3750BD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1E7B278F-7A95-4F1C-82E6-9F95133D94F7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1E8775D9-8A0B-4081-BF38-DBEE9617A93F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1EB4AFEA-C21B-4294-B0C2-2BC2290E158B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1EB641BD-45D0-49A2-AD86-22AFCE1F4609}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{1ECF5F73-CA91-4339-80DB-15B1AB68C411}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{202368EE-F79D-48E0-B830-7D6101F25ABD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{203CE659-2E49-4FF3-B441-52175426DC14}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{209EDE89-5E35-40EE-BAB6-117C0AD67408}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{20D3C560-61B4-4FF1-B4C1-CBF78B9E1A47}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{217B4C65-008E-4C36-8E5E-8FA69C4DFB0E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{21C2B1FA-EE32-4787-AD00-783CD15FF0D6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{21E70524-FE04-4214-95F9-5E4B2C92E59D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{222B1A35-2EC6-4ECC-816C-CA052760D54B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{223A490F-B928-4A35-8DD9-2C44C4AF1F4F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{22717D86-FCB1-4D72-8CDA-FF6BDB65AB17}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{22F0EF8D-B834-4778-9288-B89218BC4B48}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{23BB15D9-C4B7-4064-ADB4-CB5EEAB9C33B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{23E54B20-E54C-4A42-9A27-008457256550}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2462C64A-04BF-40E8-92FC-D82579AF45DF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{259C25AB-A5A4-4115-A284-C3F5B8905BC8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{259FCE16-0276-4DD7-9996-B7787166BD0E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{260EBCE0-1287-4F00-85A5-D1E9ED51A03F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{27ED0F9E-C399-4F09-815D-9A20A4D76EDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{283C11FF-727C-4A27-A1BE-081C88D7D5CE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{288E3A47-3B15-4EBD-B13A-988163AE616E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{293F251F-0438-4F97-A863-54A34C5FEB34}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2A24D401-B83B-4B71-9B78-5672D30EB73A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2A4F4D91-67AB-4032-9FED-670B2A6711DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2ABEDD95-2D9E-4C32-9D9B-2D1B3C895C27}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2B394169-187D-4A8E-A4C4-61BC2AC75D9F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2B6B2BC0-87CC-4669-98EE-5BD65CC6F3FF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2B6D6734-3F29-4FCE-A3A1-E321054E7064}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2D9321A4-F2E1-4541-A783-6400D2E6BC92}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2E6C2BDE-8339-4C61-B166-F9689A5D9DC1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2F56B26B-8681-47EF-B5E4-D1E5946FDA94}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2FB1E478-33AA-474A-B86F-EAEB093033F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{2FC2B418-F30B-4F56-98CA-94BD73960E4F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{302AAE70-9715-49AE-A307-41C1AD381016}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{310F2E09-EE1B-49D1-A3BB-F1019F29C619}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{311BF7E5-93F7-424E-B37A-B913424C3853}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32298098-4CE6-419D-BECF-E7C887B7E2E7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32BC40A9-D516-4A0F-AAF6-A75FF9CFAB63}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32E47A1D-CCEF-4196-8F79-CE374B66C376}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{32FFF58B-9C36-40E2-A330-48DF5BD7FDC6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{33BA1EE0-DC51-4844-8443-6AB0012B01F3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{34DD7D1A-3AD9-4090-AB5E-4F71467DA858}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{355A958E-2516-4D82-B8C4-AE6E94E82ACC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{357762C4-A6CD-4E6B-8463-099EA562AC4A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{35B7EE77-842F-4EF9-ADA1-F4DDBC307BF2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{35FFA324-64AE-4060-BBBB-C3649772C993}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3612A26F-39C5-47A7-97CF-11DB0584F8AA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{364CEB3B-8CEB-427B-AC95-1BED914A4C2D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{366E9036-14B8-40DB-8285-B14873E9954F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{36A5A988-E6D8-4992-B7B4-4D0041C1E10D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3711FF60-57B7-424F-B82E-0165BE8E9296}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{38504683-9D66-4B61-B2B4-2CF57E3BA5F5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3A6350D8-BEB0-462E-9956-FBFDC556240A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3AB03452-BB4A-49A1-ADA1-4CEAF3C4F480}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3BDB45C6-D760-48D4-9B73-1B2E6C1557C9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3C44917D-9C74-4963-8DC7-7B8097A6A9B3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3CC34964-510C-4716-9EC2-DAE8A81961E3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3CC5B09D-F4FB-430F-BB0F-E794E7D655F2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3D53ECDA-925E-40DF-86D2-4B805466D121}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3E371329-5505-494B-957A-672CD499830A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3EC5266D-28BC-4F7D-A25A-070E4D136D67}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{3FE58DA2-7706-4985-93A6-E77E8D97748F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40763355-B49D-4610-9B0C-1D48D01AF8E7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40AD864F-0CCA-408A-B6BB-84D0CD63BC24}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{40BAA6AB-4827-4188-A24C-4B9B26ACF66B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4107C86B-449B-48C6-8356-91A360DD9351}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{41278F5F-1235-4A8A-A6BF-08B01DB4EE21}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{414487D3-7AE4-4133-9DA2-FE9924742610}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{41DDA1B9-45A0-40B7-834F-2AA4A714D917}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{422930D0-B636-46CA-9F88-333297AEC370}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4229FE43-5028-40CA-948A-5204BE2CD4F2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4254C308-CD12-41D3-ADDD-8C3C02728F37}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{42737AC8-4482-4AAD-BD9E-B682A27E2229}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{427DE144-693C-49D4-9BA1-51E2024567A7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{436C8FAD-E2A9-498E-AEC4-26A471CA8701}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{443B1613-554A-4290-9345-ACA769DEFCEB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4474B99C-68A7-47CE-B013-92DDEDB9E50A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{44D3F327-3164-40BE-86F9-6ADE736CB4FB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{44F915F1-BE97-403D-95A9-FAA2BE8DAF7E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{45160FC6-C1F3-4CBE-B711-AD86B34E43BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{452B4057-E3DD-424B-B14B-F01002E9F97B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{45BE01E3-5F92-4F1E-9F3B-FFB0ABDDFE77}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{45D4BFA1-148D-49FF-9D81-4C9D2D9C5697}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4630561F-FA22-441A-9A24-0D0B0B223264}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{46919480-4F4D-4CEB-A516-8B3CA862C9B8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{46C4EB01-EC8A-4AFD-896B-51006FA96E16}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{47866A0F-F5F0-4DD8-9EC0-9C7A08156407}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{47FCC2CC-127E-47D1-9521-58E66870CBE9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4920EFD1-F380-4E57-9BC4-F2D29315AF68}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{493739D8-E2C7-4875-80B0-4826F9491688}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{49DDA66B-CC8A-45AD-A3C3-03071DB5F65A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4A941321-1D30-484B-8DC0-4CFAD74881A1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4ABB55A1-F4AA-4CA7-8240-D5914D09FC1B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4ADC4660-9E07-43D0-BF8A-94227E1B3B97}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B1AD4C2-4862-4F2E-B70D-DD9C167A00CD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B243832-E761-49F0-B6D5-7BEF8FE326A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B614A43-9534-4C4E-B25E-BC738426A8DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B628F37-FB90-4379-98A0-A37C05059572}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4B9A2572-4366-4FD3-810D-F5B1834359A9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4DBFECFD-0BEB-4EB5-A161-D6C80593287E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4DC12DC9-89C0-4E27-B490-08FE85959D76}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E185679-6398-4D2E-83C2-39B6816BF453}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4E288B39-25EF-4003-AE76-04DE0D669140}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4EF1FF0D-D4B2-4499-9477-AA86EE886A51}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4F1AB97D-C916-41C5-AA12-4D41A69197EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4FED927F-4CBB-4AB1-9C49-573CA2D14058}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{4FF14E7E-9B2A-49DE-A070-84F698F105E5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5073FF30-C797-49D6-93EE-685972F54E34}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{513596C8-1353-4A6B-A6B0-F45BD74AF297}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{51AAED73-6C61-445B-90FB-A5FDE928390A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{522525E3-CE2D-4E76-A584-40D04A65FC32}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{524FEDA9-DB98-496C-9553-F66C6BE66196}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{527B0909-11F2-4F84-9C40-0B545BE5A5EF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{52F95D61-DF1A-4FFF-8F67-B824345D4FA8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{54773482-714D-47F4-8F21-0EAC76DB5CAF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{547C8B41-017E-4397-B6B2-F998056B3CDD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{54BCAD0D-8B66-46C2-862A-17B68C7979F6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55A21DFE-62E5-43AE-BE6D-6A78DC656972}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55B6CA0D-F2C9-4362-A282-E9F106A87181}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{55D151A9-F965-4459-AA9B-057A81F9A617}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{567296A8-0F2A-4FA1-86EE-3246CBF738C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{572A631C-4C75-4DEB-93CD-7E0F956CD702}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{578C940A-0C27-4290-88FE-61434C0D9F34}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{57DA5D80-D602-4256-B207-956C8792B915}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5808F704-50C9-4BEB-A067-73D8EF379D32}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5850A077-9BF3-4AA6-AFF2-B9CBB461113B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5956CEF1-91A6-46A4-9988-76FBBE0B0F9A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5987C990-A22B-47BD-9724-08D255AD2296}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{59AD6134-C1CE-4C6F-BF62-544849651BAC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5A38BCF8-ACD1-4A0A-9C7B-E2992CC22C69}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5A83D408-22F6-47B0-8E3B-E5F0BEE0CB08}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5A8421EF-5474-4B77-B093-B810B7B80EE6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5B9D02CE-C30B-4EED-BE74-EEEF910A4CF3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5BFE0D0F-0EFF-4A55-83C6-F4D05E0F394F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C5215FA-4478-4806-AA6E-8749D1CF23E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C60680C-37C4-49FF-8D29-6BB9F74D8077}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C747B03-84B9-4516-A7F4-A0739DD923DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C818CAB-B0C0-4B6A-A7C8-95B22838E9DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5C8EEC66-FEC3-4B01-BCCE-4151D4A0A240}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5CE76592-2756-4809-A732-66D89D5F31E9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5CF90E1A-9B19-4C35-B994-1EB65AD4CB8B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5D800B7B-5C55-45AA-B514-62E70815F72F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5E145FED-501F-48D4-947F-D9A10BE4A247}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5ED17147-9453-421E-A18E-E6CBD32AE431}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5F16682A-C214-4AFC-8DF3-11226DF5D7D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5FE2E6A0-FE9E-4F89-9C88-1B1646161001}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{5FE3F838-596C-45D8-8819-96E633B04907}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{60167E1C-2B45-4A73-A786-631DF17DCD8F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{60257324-7915-42A4-959F-7261D8B4849A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{60DC485B-538C-4C99-96A3-17C8A6FE0AD0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{616CAD4C-014C-4973-B097-7772D6FC88B0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6179E697-5412-42C9-8F04-6268B602565A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{61E01267-1B81-46C3-A27B-398AC0A1C51B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{61E4F9A9-0ABA-47AD-8D59-194E7D92853C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{62796B2A-E597-4213-BC14-8BCC66C818C5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{62ADDFDE-E7DC-40B5-9C9B-BD91E36413AC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6310D716-FA9D-4A35-A340-8CFDB9F7DEF5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6347B8AB-870D-4EFF-A58B-2F50CBB543BC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6366112C-EAED-42AC-895E-853EA7B7F925}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{64378A06-C759-44C4-A3D7-E6CBFE3DFB12}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{646B29F9-A99C-4672-91E7-DDE8AEDFF025}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{64858CAF-7F44-4853-8E83-F8D55C21B850}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6532D181-6AC1-424E-9678-C50E9F44C573}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6637C8E2-A130-47AA-A06C-75CC576D7068}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{664491AA-C554-41EF-9DC5-4EBE1BD26D3A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{66C0EFC6-66EB-4573-9D44-63A3F3279114}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{66E7FC2D-8595-45AA-B7C8-1D4A7FB2A422}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{671B282F-F859-4EFA-8351-058BE055571C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6823D4F5-B409-4AEF-A507-3E4F286C7A57}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{68F201F9-13BA-4222-BBE3-5201ACDCADCA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6A60D407-DA91-4CC3-8ECA-1BE85211BE62}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6AAF08E0-B7AF-4E11-B7F7-B1F0A77720CA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6B6CD567-48CC-4E85-8454-6C19F0D81CDE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6B920803-33AC-40D0-9287-9E50004A9344}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6BB362F8-286E-4E31-8380-9B18868976E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6BD400B2-8230-48CA-A6DC-898C42756ABC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6BFF29D0-C5A7-4409-8E07-E04CBEF8907C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6C7169DE-1FE9-4470-80CC-0114A3CAE1E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6D9ABE48-BBC1-4B8F-B26B-0A15ECF43B85}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6DFEC746-BD6B-4116-8700-61D32860B826}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6E284F38-0C70-4BC1-9AF5-F523DA885E14}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6EFCD997-ACF1-4579-8F57-70AE697E5610}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6F07962D-430A-43F6-95DA-8E23CFFE3357}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6F920687-CC76-4456-8E5C-C6826F7BC6C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6F99017C-85E7-49BD-849F-80E0E40EF7BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6FA8BF44-8AD1-4005-8626-35B6EB8F989B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{6FB5735E-01C0-4D1B-93BC-F0726E60A271}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{71137BA1-E19F-4AB5-9E34-698B938862C9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7188C3E8-5ADF-462E-A9F0-DA340544B362}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{72A447EF-2988-488B-98FE-575045AF2581}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{738AAE06-02DF-479C-979C-B572984F96EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7579BF0E-F845-4F8A-81C5-1B1993CD3868}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{75EEE8E6-3D30-4D1D-BA2C-444DD930912A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7665EBC1-92D2-4032-ADF5-38D04A0842D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{766DBC22-EF3B-489D-A050-C78C4E56BC5A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7680063D-9B6A-4ABD-ADF3-88CF6941588F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76D3A304-6D0B-4EED-8E38-9AC65ECF347A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76D60E98-7EC0-451C-8A0D-EB27CA991BD0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{76F582CC-F105-41BC-B626-AB3596CC02CE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{77457CB2-22D2-4512-95CD-8F94ACC6638A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7967033F-F2A1-41C5-9564-EFA63ABBD2E6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{79C2131C-C5DE-4F85-BF96-ACE2C26C37FC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7A33C1B3-730F-47A9-A95C-B44F595FC5A9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7A562509-F641-4E67-955A-43493E2D733A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7B7AF32C-086E-4818-8AEF-9E51A5644099}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7B9AACB9-BE60-4B86-9A98-1F5A39646E21}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7B9AF0D3-4877-4850-8EAB-958704FDA830}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7BED0AA0-AB0F-4803-94B0-2CB370030297}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7C52C97C-49A6-4FDB-860A-3073CFF31AB5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7C80078B-2D24-4C9C-A6EB-87FEF71724FF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7C86FBFA-9963-480C-9753-6E22D9BBF90C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7D95C0D2-8620-4782-AB0A-21AE9E60C716}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7DA61E13-F09D-45AF-89D3-5E7EC6175973}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7DD89948-AAE8-405F-82F1-8006067CA698}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7E4DFFBB-7207-43C7-97CF-979CB7B6915A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7E976CC0-2195-4F5F-B874-AF8808EC938B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7EB1244A-99F7-4B63-B236-80C3502D32C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{7F636BEA-4723-4056-86DD-5E30078FA414}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{804F9126-450B-47E4-960D-23DDF72BAB18}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{80A9ED80-5C70-45BB-913E-D99F094AB8DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{80BB9A59-64B0-43D9-B592-E1C2C022AB7B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{80FA897E-FB6E-42A6-A01D-F8E3F01A51B8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{819716B4-A5FC-4831-AA28-2C22D6C14940}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81B73316-4FD5-41F2-BBE1-B6F607253A89}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81E96F8B-0F95-48CB-A922-79CCA58CA927}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{81F17EF2-84E1-4B34-AE18-9303A568D45B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8224151F-2D0A-4D36-A40F-D66C6870D6D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{82434138-26E1-46ED-BC5F-01A5C892DA16}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8290A67A-24AE-4F4D-AE36-D408E51AEB3B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{82FF4CA5-E847-42BA-9E20-5A9B85D8F1C0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{83957060-6084-4FA4-BCF0-01A9073648C6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{84610457-3AC9-4BB2-A9AC-B2BF805B8B47}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{84EF0336-1F8A-4D07-AF54-B2F42DFB8DB4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{85ACF43F-DEC3-4DA5-9163-0A121E2D64EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{86267651-D957-407B-83E9-85701363BE9C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{86A70B9E-0045-4CAD-990D-228F42B05B28}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8726968A-839F-41C0-87E0-B5F103DDDCC0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{87584A78-85AF-42F5-A058-26B6BDD50DFB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8781CE53-2C16-4F8F-BA19-3E82E9815907}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{88C63AC2-4D2C-4D60-9B02-143B4E77D71A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{892E1321-46AD-42CD-B91A-A2D3294D95EB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{89B3CE5B-4315-4466-B3B3-D40E7B05004D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8A2BB8A1-5552-444D-90A5-066BAE31F88C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8A3A2490-B951-46A4-B166-110BD2088532}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8A3DE1A5-DF67-41B1-BB4E-1CFD78AF4E5D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8B9F3618-DBD9-45AC-88BD-C52615A3812A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8BFAFC03-A936-4648-B94F-D22FCDC62B6C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8C1DFDAC-8EC3-4FEA-8163-900F1D80CD2E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8C834E28-0109-4C42-8594-3EB180857947}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8CDC07DB-77DE-4DF3-A1C5-F63354A474E0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8D6E10E7-0070-49E8-8405-29D770C60731}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8DD93B4F-121A-4F33-A112-4E78C2ACE761}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8DFAEED5-4BDE-4F6C-9F9B-9D1589960E52}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{8DFC7592-A141-4148-89E8-E151F95B5EEB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9010A00F-938A-4C87-8603-EFD130EF3D03}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{90D8CCE6-04DA-40D1-9071-800D9FE2A51C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{91247578-A9EC-4F98-A761-FCFB42D4BC3E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{913BEDDE-3043-4B31-AABE-9E5DB1C0A4D3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{919259F6-88D9-49AA-8771-54720D99A546}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{92338130-FC92-46D5-86D1-4F2886395239}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{924A9274-3C07-4279-BA5E-8737F32EB253}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{924FFCE9-CBD1-4FD7-AB63-47B539065872}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9278D1C1-C37D-445C-8D28-50671E309DCE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{93280AC3-1FCF-4CFE-8913-9A0536E1AEDD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9549B13B-2EFB-4110-83CD-AD8832D0B6AD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9549DEC8-00FA-4952-A2EA-E26CEA9BADB3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{96A03970-0C76-4E8F-8825-66C3AAB0D21E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{974E768F-39E2-49B1-8352-06852363764A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9787415B-4E23-43D4-B942-F2B8F60C0609}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{982F6D93-7BEE-4F89-BAA0-CA533303BA42}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9848823B-F6E4-456F-A9AF-E6CC4794A31F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{98A28421-1CAA-4674-99E9-EC9A0ACB418B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{98C9CF5A-F475-4212-885A-BD700B44F69E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{995257A3-C73D-4229-8B46-63BF60E5EF1C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{999198BA-50A4-41C0-A532-E0FD13ED37AE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{99EDFFDA-5523-448F-84B8-0A715AA2448E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9B5D294D-FAFA-436A-9EDD-079D64886281}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9B5F6B93-1F3B-4B0D-80CC-9FA8D7E704DC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9BC26A7F-DC70-4A80-899E-EEBE498FCDE5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9BC6FD37-2E28-475A-8A7E-56C1BCC329C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9BF9B106-007F-4370-8237-9A637ABA2984}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9C17D669-6064-451D-BB43-9B8E150A0971}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9CA0EA8C-C6D2-4AB9-B1AE-5B8D6A3422C1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9E330F50-7CCF-4A03-A203-2997D9F52A51}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9EA2FE79-E69E-4524-BE49-64D62DD69FE5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{9F05903C-231D-4E03-A6F0-4E5CA1AEB740}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A057E80B-4DF4-461F-A1B1-699B458EBAE7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A097A3D6-C40E-4D9F-86D2-11D3A3EA6C18}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A0B0CA96-482E-4F06-9B73-83FA80416B43}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A128CFB9-287A-4BCF-9AA5-DDC61260E205}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A185A7E9-4088-4AF7-9C79-6E818A587A25}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A2940CF0-128E-4335-9304-7C5D687466E9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A2C908D8-4276-41EB-A742-2ADDE1999AAC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A31C9B86-5FBC-49A9-99D1-9350C1DDDA74}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A32AC6FE-6B48-4CE6-B6A7-3A536EF71ED6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A34DFD25-BF4B-4198-BBB7-70DC630C2A3E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A3579799-D93F-4A75-843B-CBC08A7EAEF9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A395B680-F58D-48BE-8340-EE3725EAA1B0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A3E7C053-54AA-430C-AB31-74A9DBF3C2A5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A47A0CF7-86FC-41F9-9BB4-29E16A41C3FB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A49A5E73-5A10-4BE5-AA46-D173B6316A31}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A4C6FD8E-A908-440A-B831-47AD1F5C67EF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A54F5174-7639-4C3B-AB0D-FE5F3DEAED07}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A5648568-F12E-4819-928E-E3DA33DED889}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A5AACA59-F19A-4ED3-8939-9D49C5FC00C5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A6F96CDB-1FFD-4D0B-9C73-0EFCC80959E7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A722698A-B528-41E6-A18F-2C28A81DC24F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A734D32D-FDAF-41AD-A110-DFDF595455C6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A76B8317-6A01-42B9-8F85-292717A1C672}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A771454C-AD66-453B-8FE0-00101499F9DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A794543F-D70C-4D7A-BC78-2891AB2F4DA2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A7B68EB7-ADEC-4594-AA35-E083FF78AB1E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A7D65EBE-5FD7-48AC-A9AD-ED081F85AC29}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A8334759-FED0-413B-9F82-49A0DFB4C4FE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A84A2D85-8866-4D06-B6AC-251F7FE1EBDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A877426E-3232-454F-AF2B-847650E6E5EE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A8E2158E-EB85-4F05-B128-C5C5DC5B24B1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A91FC547-1757-4C7D-8B1F-5DBCCA8CA9DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A9C909E9-A6FD-48FE-A78D-3D6D09B608B2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{A9E86264-8470-4487-93CD-FF3DC06B0D98}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA07145E-5C02-427A-A429-A5C257758901}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA295E88-9579-4DE1-86A2-8365AEC12FB8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA60D055-C1D9-4450-9109-1DA18659AFB7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA666BAD-0760-4260-A506-D74A3ADF7A9A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AA7D9EA4-F31C-4F8F-943D-46455BFF3C9F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AAEE7806-F36D-45F8-82E6-184B2B4355E5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB1AD207-432D-4410-8871-2723BB83D916}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB4C8AA9-DA25-45B9-BEC0-8382BC6DAA84}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB69414C-4980-4D2F-A03F-3667C06EF60B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB723D4C-CEA9-4BF3-8C01-06C540E0AAAD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB8241B3-B75A-4CDF-8756-3AB2CCCEAC46}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AB82476A-23CC-467B-A501-E39E4848B505}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AD0BA3ED-61CB-44E9-8761-C9881F46AB58}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AD778594-ADEC-4003-97B1-8BBB9CB629AB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ADDD2999-C015-4CEE-AFA5-A73E37FF967B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ADF5DDCC-0D31-4B7F-AAD3-C30D6E3D2B75}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ADFF3ED5-F1C8-477B-9AAB-F8D3EC121CD5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE0934D8-D64C-43DE-9D36-5BA0B92D0F53}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE324FD0-2874-47F4-96A3-3C159F1101DB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AE54F246-8A8B-4E81-B19E-86DB1FD3C827}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AEAA85F1-B9A0-40B2-B6E9-E09BF0C74008}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AEF56708-E84C-4E52-B1C5-5C4FE6E6C434}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AF0521CE-A500-4A52-9FD6-9B6DCFAD013E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{AF7D37F5-B6CC-4962-BFAF-CEF199C36B2B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B048F978-CD33-4E02-865E-1EC860A05C8B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B088ADB8-B335-4677-849E-CFB47CC7CDCB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B0B525F1-ED79-4BA2-B631-25DFC6977594}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B1833842-9A3F-4636-86E0-B75179073E48}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B21084A3-146C-457F-B58E-C36B5229A01E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3A25673-4731-45AB-B5F4-1EEA5731D986}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3C8BB0D-92CA-4A8D-B2EB-41D23CB7A6FD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B3FB8A01-E501-407B-8092-723F0D7D17A8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B415E5B2-2B64-4B99-B7B2-DDBC75FBE17A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B42209D7-0994-423E-A2DC-7292E54C57AC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B45B1A78-E4A5-4563-ACA0-93CC2E441979}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B55CC2C4-7533-4AA2-9F36-3C8032B5E020}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B5653050-C7BF-45D0-9CE5-8807EC6F4DD0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B583FF9F-9A59-4B8A-A88A-516E19D80713}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B655216E-7FED-441F-83EE-E074F7589B80}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B6F57F5A-C6BC-4A86-8A98-2B316FB080F7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B6F9DB04-DB25-4628-97D2-954109D40421}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B7647BE4-29C9-4D92-AE28-65998D566D26}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B8133E5E-E71B-478E-89E3-15DB0EED81C3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B966BF51-FCAB-4AC6-85AE-928D82ECE6CE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B9B0DFFF-FF9F-41CA-AC80-959779FB9EB9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{B9BE2034-EBC8-4FEF-8155-6CFA8D916DCE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BAECAC96-3E64-4761-AE15-0360813C6A66}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BAFAA14A-5490-4C11-9476-9608249AB147}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBB385CB-FCFA-4891-AAE1-F4B7FCB91607}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBC2BDA3-F6DD-4EFE-9513-5CB0D70733DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BBC993BC-DDE7-4792-9EF0-4FA5B16E9EEF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD2914A3-0CF9-4996-A9DB-874C6B7F10E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD47F8B9-DD9B-4822-B841-51414D1F8BE4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BD58D8CA-B86D-4105-B299-92593596E84A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BE6F0E4C-B16A-4DBF-8E63-34FDB1EF98BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BE804F3E-0580-4BCB-96E7-C50D1AA4F086}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BEE6DB5E-30DC-45BC-A52E-6909555AED60}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF2F9E0E-2228-46CC-A8A0-554F68EC3336}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF3233E2-3ECA-4EA2-837A-E097DD36DA57}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF76FB5D-C597-4A0A-B7C6-9FCD86348286}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BF7CA1C9-EE3B-4059-9C65-A28CAA83B7F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BFE04C3A-5BC8-4F2F-A845-DBCB9ADF55C3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BFE5774D-9C2B-4A34-81CD-A0689BE6BAD8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{BFFE6FD9-FEA6-45A4-90AE-270E09580AD9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C1EEACA2-5DC6-48D9-B4B7-F31FA2DA34B7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C230DEA8-D3E9-44E4-9D3D-C7289194BCE7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C2A4A18B-EE46-41B7-BF33-0A9AF595468F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C38BC1F6-5C45-4573-8233-4028829D2408}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C3C39BA7-BB16-4CC0-8A0B-283B616E03F8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C42966F6-7C71-4919-8C92-AD5E7BC0D435}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C4698A80-8487-4FDB-A438-FAADC357455B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C48C3486-47E2-4989-BD1B-47592B320947}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C540D179-68ED-48DE-ABB9-8D92687E7FEE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C5A817AB-DD30-403A-9B98-43B417556A64}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C60E7F21-4B20-4AF4-805A-7B2B0C4654DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C63D4944-1652-412B-937F-82F4582889BB}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C6532ECC-4DD7-4D3A-A962-2AF0A73B4A1D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C65EA7B5-6742-4D5F-92C1-B392653D795E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C66C62A7-DD1A-4D55-9D7D-2A8CE0D72D0D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C6BF343F-BD7F-4109-961E-E94F6C5AB7B6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C7304288-E80D-43B6-8F74-B20A738421C1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C7ADFBF5-423F-45F7-AA8A-DF848218AE68}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C83B21F2-D7BA-4AE1-8B12-B704B2551BA7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C8FBFBCD-DF00-48AD-85B9-F7D6777FF85E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{C99F98BC-A125-48BA-BFC4-70AC91B0963E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CA5E53F3-ADAB-4927-A928-6EDFA99545D7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CA6DF742-D15A-43ED-B150-9A482951D09E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CA8745E3-EBB9-4AA5-B58C-5D70839E5855}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CBA95518-9CA9-42FF-859D-5A5C4565FC1F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CBBB69C7-AF56-4EDF-A8CD-0706C5692EDE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CBCE66D9-8EF1-4098-A5BF-CA29EEF729BD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CC25B46C-8E16-46AC-A529-9A4A8CA3C65A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CC34B056-D9EA-41A8-ABF5-F323AA9BF583}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CDF9E505-CC3E-4819-A6AF-A97913C4C489}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CE429DE4-6BF6-4CBE-9EA7-085DA973E6DC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CE65BC7F-6B2C-4F72-ACDF-F8C42B36BFD2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CE6DD9E2-9DFB-4DC3-ADE6-43086C6E49D1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CEBB0969-BAA9-455B-AD78-FBDB427B536A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CEE88089-2368-4822-882E-B91E5511FC8E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CF2752D6-7DFE-40D7-A36E-6012BD59371F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{CF3FB48A-E5B1-4FE8-9C61-3C8B1810A81F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D04644E8-4036-4867-87FE-03D482F92571}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D04CB051-92D2-4641-BB12-3491A05C58BD}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D0ABCEDA-9ED7-4C8D-A71C-9997A87D7F22}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D0C41B48-31B3-4AC0-96AD-2A8A18A0A5F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D0F91C33-77AC-4704-9BE1-2CD38937B3F9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D18F5B24-C579-49E6-BE90-392D6C81927D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D1BD6D12-5905-400C-B070-A791774B74CC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D2F2ADF6-68CC-4D5E-AA16-896EA53D3A66}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D30C486B-E424-4740-B6E1-640941E74256}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D327EA1D-EE7A-4BE5-A854-3FE44A0C8B42}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D3D469AA-5500-4799-B9E3-9D3431460795}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D3F809A4-2E85-4BB8-A71C-457BFC1E7A5A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D43F09B0-1828-4824-90D7-BC7F492875A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D599AB46-BAB0-40C8-8811-F6AFD35386A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D5B28B1C-A454-4EA4-93AB-7850F507B033}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D613E821-D160-4696-8ABA-C61D3E601787}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D6854A64-E3B8-4DA3-9DFF-66E4F1558D56}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D717C318-54B8-483B-BEAB-587062536FC6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D7A71454-1D77-44C4-AA82-5C03C40D99A1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D7B310F0-2659-4F21-9F75-A3C81243D703}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D7F19832-4BBD-4123-B0C0-A169827B7298}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D82641D0-50F9-4071-A44C-9E796A978E1F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D82DCDF7-7EB6-470E-8CE1-45D737198AC8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D8340EB4-8672-4A93-9480-CDD33E0ABE81}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D85DE62E-FBDE-48B5-84F2-D1375171683A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D8CAE65A-0151-4849-8A3D-804BD89D65A0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D8DBE644-BB36-42C8-9EA3-C95514E1E13E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{D9ED5E04-D807-4446-AA0F-CA37E27BEB26}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DA7ABC83-A740-4B13-B781-4F26CF971AD1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DA9D7AE1-FEA3-4A10-A329-92408DB0F13A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DAE6ACC9-3F2E-4B35-AB9E-6069934546DE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DAF35BE4-0C75-4CFB-BD33-044E808E00E2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DBA961CB-55E9-4785-97BB-4BB8AF1C96BE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DC968B44-D1E6-421D-B0D9-BB9A3C1A185F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DD51D586-080F-4F02-A9AC-A9158AA9F4FC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DE8BBC62-D452-476E-BF82-94B2B58C0934}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DF65032B-B091-420E-ADDD-6335311AD183}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{DFF633E5-1623-41E1-B144-E9E68174DEDC}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E050F07B-5033-49FF-9B44-D8C48DE2A223}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E08F212F-6953-461E-9BBB-95F5578706BA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E1CD2CA4-D0DB-4020-8956-16E713713B5F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2283E66-CF40-4F13-B26C-380EE0810754}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2C3A162-2FB0-4CC0-8E2B-6AD2B4E97853}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2E6F89F-CDCC-46C7-91BF-B755E5E2CBB6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E2F33A69-98A2-41B5-9DF7-427325F16C49}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E3AC0BAE-0B2D-432A-8078-942DF6D92EF6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E4BA81BE-220D-4F50-8814-EEE19F146B48}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E510BF98-3529-4801-B308-EC5423295D56}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E5C01CBD-206D-4411-B437-F3067574B1DA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E64DA07A-EA51-48B6-9E91-3584310479E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E69DC3B4-9038-4E1A-BFA2-98DCBE7652C0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E73B0565-9440-4571-87CE-5184462858E2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E7636476-A60C-4324-AB37-1ACD41100C08}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E78B1930-3DD5-46D4-82ED-C03EC36DFE6E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E879E41D-8481-46BF-99B6-8E222FE41C4E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E8F83646-9102-4B20-854E-0FA141920CDE}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{E96CC9B5-142A-4030-B173-FF7C5706E7C5}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EA6741B5-C0C0-496F-B4FC-A561EDD0D925}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EA7A5E30-6EAF-43C8-B178-D1754DE8A05E}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EAF6C1BC-B30B-4D97-A8E9-80DDC05A07A4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EC34628F-057C-4F86-B295-AD08D7CFD6C0}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EC901754-2AF6-4337-ABC4-7E76F2806844}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ED8F4021-81A8-47C0-A6CB-3338AFDE0FE1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{ED9A397C-988A-4309-ADBC-3EACA5474C21}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EDC9C6C9-4BED-45C9-B6DB-1022B7DE59EA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EE8365A4-27AC-44C4-8BA3-456C6497D115}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EE8D926D-EA9C-4ED5-AD88-C33C0945909A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{EF3C30FE-FBAE-4EF7-9731-3B3FA0C18A03}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F08B8787-90E3-45E3-806A-22185D04EF89}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F0965195-68D5-452B-8E13-2B5EB5507C97}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F10B3C84-D76F-4ED5-BBC0-0D42D621BF1A}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F127F9F0-07A6-4BFC-997C-FA8D77EB4565}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F2AF32A1-6337-4F7A-B778-915D46B3E74B}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F3631CC9-298C-467E-8177-5626A4DA5E63}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F3A7D56F-0817-4941-A24D-E4FDBE56B318}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F3AF719B-C85F-4C1B-B746-1B21BA0A2ED6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F47B6CB7-89F1-4437-8441-3F5A8DBEDF8C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F5517C9F-D72E-43E8-B2C1-626D4302D078}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F5D83348-389D-449E-9EE0-59B887025908}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F62F8986-9275-46EA-99D3-8B9F0BCE7FF9}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F677056E-5B50-4C28-A489-33A00DED87E1}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F6BC3CF9-8124-4AFC-869A-9D7DC0DEB6E8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F6CB7BB1-69FA-4340-8CAF-983C8A989F52}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F7216B63-337F-4ECE-9ECF-E8CA81B0DEF4}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F77756E4-4564-4868-8EF2-1E198B05D956}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F7B81FCA-27AA-43DB-B704-4CEB328BE8C2}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F80D56F2-BF46-42C0-9743-AFD02CBB2BB3}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F88B3665-A7D9-4F4D-82EB-20E9C2B923E6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F8AAEF30-1C9A-4A55-9630-4163D191AE5F}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F9202B3D-BF65-4E45-BA1F-4565197FED99}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F9627DE6-6EAD-4B32-8A4C-83E67447EE6D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{F9735BE6-67DE-4CCC-9E63-1DEB70C232FA}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FA646D56-8EF5-466C-BE4A-E3C25FD4E52C}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FB16C49B-C58D-4462-B950-61E44D3F19D8}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FB4BD19E-3D0F-4F12-A664-2E3888008472}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FBA7F116-27E1-43B3-8654-A824676C6C3D}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FC1E28E3-45B6-4732-AC2A-25BA916ECEE6}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FC276344-0302-4744-AF02-009F3FAE1937}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FC87D0EC-2281-43C9-BA55-FB26F89E0EF7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FEB6BDC8-DE69-440D-AD51-C8AEB195E4B7}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FEBBAC2D-5E3F-43F2-B385-461D88AD10FF}
Successfully deleted: [Empty Folder] C:\Users\Michael\appdata\local\{FEF1AC6F-13CE-4A7C-BF84-E44E344276DA}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2013 at 21:20:06,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
28.05.2013, 10:08
| #8 |
| /// Helfer-Team | Guv und E-Mail Delivery Problem Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
28.05.2013, 22:33
| #9 |
| | Guv und E-Mail Delivery ProblemCode:
ATTFilter -----------------------------
18:41:23.816 OS Version: Windows x64 6.1.7601 Service Pack 1
18:41:23.816 Number of processors: 4 586 0x2A07
18:41:23.816 ComputerName: MICHAEL-PC UserName: Michael
18:41:24.471 Initialize success
18:47:40.581 AVAST engine defs: 13052800
18:49:55.404 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:49:55.404 Disk 0 Vendor: SAMSUNG_HD103SM 1AJ10206 Size: 953869MB BusType: 3
18:49:55.498 Disk 0 MBR read successfully
18:49:55.498 Disk 0 MBR scan
18:49:55.513 Disk 0 Windows 7 default MBR code
18:49:55.513 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:49:55.529 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
18:49:55.545 Disk 0 scanning C:\Windows\system32\drivers
18:50:04.515 Service scanning
18:50:21.316 Modules scanning
18:50:21.316 Disk 0 trace - called modules:
18:50:21.332 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:50:21.332 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db0060]
18:50:21.332 3 CLASSPNP.SYS[fffff880019a143f] -> nt!IofCallDriver -> [0xfffffa8006c90d40]
18:50:21.347 5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077b6060]
18:50:22.049 AVAST engine scan C:\Windows
18:50:23.874 AVAST engine scan C:\Windows\system32
18:52:54.433 AVAST engine scan C:\Windows\system32\drivers
18:53:03.840 AVAST engine scan C:\Users\Michael
18:57:27.077 AVAST engine scan C:\ProgramData
18:58:26.965 Scan finished successfully
18:58:47.651 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
18:58:47.651 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=54ca165b574b044597784719ee90563e
# engine=13939
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-28 07:32:50
# local_time=2013-05-28 09:32:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10942 140437275 3733 0
# compatibility_mode=5893 16776574 100 94 2985879 121399420 0 0
# scanned=163927
# found=0
# cleaned=0
# scan_time=3597
Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.6001) Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Adobe Reader 10.1.7 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
29.05.2013, 11:48
| #10 |
| /// Helfer-Team | Guv und E-Mail Delivery Problem Aktualisiere:
Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
29.05.2013, 15:06
| #11 |
| | Guv und E-Mail Delivery Problem PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Browser nicht erkannt Flash (11,7,700,202) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 11,0,0,0 ist aktuell. Zurück Tools: StartSeite PluginCheck Secunia Online Scan Weiterführendes: Java Updaten und Einstellen Secunia Personal Software Inspector (PSI) Family: TR/Agent |
|
29.05.2013, 17:40
| #12 |
| /// Helfer-Team | Guv und E-Mail Delivery Problem Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung Die Reihenfolge ist hier entscheidend.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
30.05.2013, 00:49
| #13 |
| | Guv und E-Mail Delivery Problem So habe soweit alles abgearbeitet, hatte bis jetzt nur ein Nutzerkonto habe jetzt ein 2. zugelegt.Wie bekomme ich jetzt alle Einstellungen und Programme in das 2.Konto? Soll ich bei Malwarebyts und Avira Funde in der Quarantäne löschen? Mfg |
|
30.05.2013, 10:01
| #14 | ||
| /// Helfer-Team | Guv und E-Mail Delivery ProblemZitat:
Zitat:
wuensche eine virenfreie Zeit  |
|
30.05.2013, 18:40
| #15 |
| | Guv und E-Mail Delivery Problem Besten dank für deine Hilfe. |
|
| Themen zu Guv und E-Mail Delivery Problem |
| akamai, antivir, avira, benachrichtigungsdienst, dvdvideosoft ltd., e-mail, firefox, flash player, homepage, iexplore.exe, install.exe, js/agent.480412, logfile, microsoft office starter 2010, plug-in, problem, realtek, registry, secunia psi, security, svchost.exe, systemereignisse, tr/crypt.xpack.gen, tr/fake.rean.2121, tr/kazy.176162.2, tr/reveton.r.279, trojan.agent.gen, trojan.fakems, trojaner, windows |
Linear-Darstellung
