laxattax | 19.11.2012 17:01 | C:\ProgramData\lsass.exe

Hello! I caught the Austrian police virus today. Task Manager could not be opened, so I booted into safe mode (with networking) and ran Spybot over the system. It found 4 files which, in my opinion, had nothing to do with the trojan. (Unfortunately their names can no longer be retrieved.) After that I booted normally again, a normal system start was possible, and I followed the Trojaner-Board instructions. Malwarebytes found the following:

Infizierte Dateien: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\laxgruende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Thanks in advance for your help!

OTL Logfile:
Code:
OTL logfile created on: 19.11.2012 16:11:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\laxgruende\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 63,70% Memory free
5,73 Gb Paging File | 4,35 Gb Available in Paging File | 75,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 126,67 Gb Free Space | 44,70% Space Free | Partition Type: NTFS
Computer Name: LAXGRUENDE-PC | User Name: laxgruende | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.19 15:59:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\laxgruende\Downloads\OTL.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\laxgruende\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.04.08 13:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011.04.07 16:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.29 05:00:16 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010.04.30 15:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010.04.06 21:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010.04.06 21:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010.01.15 16:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009.11.30 04:41:08 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
PRC - [2009.11.12 01:55:30 | 000,203,776 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009.11.04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.20 15:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.07.22 13:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009.07.14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009.07.13 04:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2009.05.12 23:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009.05.12 23:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.17 03:30:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.17 03:30:02 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.17 03:29:41 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.17 03:29:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.07.31 02:08:04 | 000,016,872 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2012.01.10 20:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.07.22 13:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
========== Services (SafeList) ==========
SRV - [2012.10.27 09:49:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.07 16:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.07.01 23:35:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.30 15:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010.04.06 21:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2009.11.30 04:41:08 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.11.04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.20 15:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 04:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009.05.12 23:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009.03.02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.07.21 11:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 11:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.09.17 12:27:32 | 000,023,696 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasusb.sys -- (synasusb)
DRV - [2010.04.06 21:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.02.26 09:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.02.02 23:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.01.22 09:29:12 | 000,316,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.17 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.04 11:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 01:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.06.30 12:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009.06.15 19:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.06.11 15:23:06 | 000,064,640 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2009.06.11 15:22:26 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2009.05.28 16:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledAddons: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.06.24 11:37:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 09:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 09:49:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010.06.24 11:37:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 09:49:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 09:49:40 | 000,000,000 | ---D | M]
[2010.06.30 12:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\laxgruende\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:42:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\laxgruende\AppData\Roaming\mozilla\Firefox\Profiles\sr8x4tn7.default\extensions
[2010.12.01 09:09:34 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\laxgruende\AppData\Roaming\mozilla\Firefox\Profiles\sr8x4tn7.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.10.27 08:33:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\laxgruende\AppData\Roaming\mozilla\Firefox\Profiles\sr8x4tn7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.27 09:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.27 09:49:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.06.29 05:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.03.16 07:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 10:06:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.16 07:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.16 07:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.16 07:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.16 07:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\laxgruende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\laxgruende\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DD864DA-5929-4615-A9EC-3D6A62277009}: DhcpNameServer = 192.168.43.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE9319A9-DDB1-4C66-83E5-C15BC55BCE45}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25809656-3e3e-11e1-981a-a4badbd47758}\Shell - "" = AutoRun
O33 - MountPoints2\{25809656-3e3e-11e1-981a-a4badbd47758}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7defd0e5-3bb7-11e1-862f-a4badbd47758}\Shell - "" = AutoRun
O33 - MountPoints2\{7defd0e5-3bb7-11e1-862f-a4badbd47758}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7defd0f5-3bb7-11e1-862f-a4badbd47758}\Shell - "" = AutoRun
O33 - MountPoints2\{7defd0f5-3bb7-11e1-862f-a4badbd47758}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.19 10:06:47 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Roaming\Malwarebytes
[2012.11.19 10:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.19 10:06:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.19 10:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.19 09:51:21 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{214050EA-D22B-4B13-A0FB-937F4982675F}
[2012.11.19 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{71116B11-6496-4C5A-BDAF-AF8C046CE17E}
[2012.11.18 12:45:14 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{2617DD4D-6773-4C1E-81F9-82CF0FA7AB06}
[2012.11.18 00:43:36 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{42E788DB-078A-4850-BEA7-1AE9223476D6}
[2012.11.17 03:00:29 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{9A945937-B99F-44EC-911C-E80053DF1374}
[2012.11.16 11:36:00 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{5954954D-48B8-467F-BAB6-D501273606C6}
[2012.11.15 23:35:48 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{1156C604-4F2A-4E8D-801B-041203E8ED1B}
[2012.11.15 11:35:34 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{16EBAA79-3F8E-41EB-A545-E73E8FAE26B3}
[2012.11.14 20:17:14 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{6FE4806D-5CB3-4690-94B6-4F5CAE8D1928}
[2012.11.14 08:17:02 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{30A64537-0659-43A7-B8A8-AC9EF4C7504D}
[2012.11.13 23:57:51 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{86EC1E6D-0F16-4CA9-94A5-836C4F7AF08F}
[2012.11.13 08:19:00 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{340CF801-FA53-49B0-9C61-967022FA51F6}
[2012.11.12 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{10B38BB6-C4A5-4D61-8E18-3C9ED5780A71}
[2012.11.11 23:05:46 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{70F4997F-5F24-4020-8196-B20E4351D643}
[2012.11.11 11:05:30 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{058A5B2B-EC52-48D9-A93A-B6503094E8B4}
[2012.11.10 22:53:02 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{45D1486D-60BE-43CC-82F1-FCB31D3CB1D6}
[2012.11.10 10:52:48 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{FC0C4CD1-346F-4BA8-BC6C-72386726819A}
[2012.11.09 11:33:44 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{03780473-BE1C-42EA-8C8A-A79939428759}
[2012.11.08 22:00:02 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{48B3E3C4-025B-4DF3-BB7E-5C1989B8CA1D}
[2012.11.08 15:44:31 | 000,000,000 | --SD | C] -- C:\Users\laxgruende\Documents\Eigene Datenquellen
[2012.11.08 09:59:38 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{36CC420D-4811-405E-A313-D8D031AF28ED}
[2012.11.07 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{46FA7FB9-9808-40D4-9E51-440D0235556D}
[2012.11.07 08:20:55 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{23A021B0-BFFF-4614-9299-0E879D682B82}
[2012.11.06 11:42:27 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{467E945B-4E71-4DDF-A3EE-62CCDEED1D8A}
[2012.11.05 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{12A80BFA-388F-4517-B506-91A4B64DD292}
[2012.11.05 16:32:47 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\Documents\DJing
[2012.11.05 11:07:24 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{24D3310C-7FC4-4172-BD5F-805C8E9B6D49}
[2012.11.04 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{BECA3418-28D6-46E2-B33B-6CA5BCD446D3}
[2012.11.04 10:10:38 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{F375DC66-D3E6-4B8F-A93D-8A3781464E61}
[2012.11.03 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{E7216C7A-FACF-4B42-A5A5-D0D1FE10C581}
[2012.11.02 23:38:46 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{AE7EBAAA-1B4F-41FC-A61E-DCC48181AC53}
[2012.11.02 10:46:27 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{E2A79AF2-F230-4E5B-AC5B-977DB9B44C62}
[2012.11.01 22:34:49 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{515CB7B9-A2CD-4F5A-AA4D-FB66ACD223C8}
[2012.11.01 09:06:31 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{CB5CA233-28F7-418F-8F2F-B3BA2F639469}
[2012.10.31 08:22:35 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{414FDC58-3F8F-4083-BF56-169DF7F47FE5}
[2012.10.30 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{4E057541-CD27-442A-8868-5937DD32F30E}
[2012.10.30 01:06:10 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{9954CA34-297E-4352-9D23-C1A645148C1E}
[2012.10.29 09:28:28 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{1CE5AA8C-A2E1-4BF4-980C-758F24D35DC7}
[2012.10.28 22:44:48 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{D5319A03-359D-48E8-98C5-DC5EE75D4EBF}
[2012.10.28 09:57:20 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{43ABE192-D49E-4611-997C-27E8056D8050}
[2012.10.27 21:56:47 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{E4B89C74-B9A4-4B5F-BA80-5405679E92EA}
[2012.10.27 09:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.27 08:24:43 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{BE2F6C70-5860-49AF-8A21-9BB307790B40}
[2012.10.26 20:24:23 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{0EF794AA-4325-456A-8D63-F08D1B66C9F6}
[2012.10.26 08:17:33 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{57A3FBF1-02C7-48AD-AD16-05FB4A2EADAB}
[2012.10.25 18:58:15 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{D5C0E79A-47FF-4D72-9A0F-D41FD1F5540A}
[2012.10.25 01:56:56 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{2FF53603-5DCE-4394-8BF6-6EC72DA683C9}
[2012.10.24 10:39:58 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{52BFF762-EE0E-4596-B45E-84807953F3CD}
[2012.10.23 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{74F00725-2864-41E0-A208-7559683D7DC7}
[2012.10.23 10:33:36 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{061C44B2-3146-46F9-871C-DAFAB3EE3FA4}
[2012.10.22 22:33:10 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{469B55DE-07AA-4D29-9576-A4DF5868F35A}
[2012.10.22 08:02:45 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{DA1268C6-D73D-4644-BB6B-7ADF72B0716A}
[2012.10.21 14:08:34 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{3848206A-93CF-43BF-9018-684AAA9C10EE}
[2012.10.20 23:50:10 | 000,000,000 | ---D | C] -- C:\Users\laxgruende\AppData\Local\{B3718DB1-23CD-4ACC-99C0-4282EE3D5D1C}
[1 C:\Users\laxgruende\Desktop\*.tmp files -> C:\Users\laxgruende\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.19 15:58:46 | 000,000,000 | ---- | M] () -- C:\Users\laxgruende\defogger_reenable
[2012.11.19 15:56:43 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.19 15:56:43 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.19 15:56:43 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.19 15:56:43 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.19 15:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 13:04:33 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 13:04:33 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 12:56:35 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 09:29:44 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.17 03:27:08 | 000,439,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 13:07:43 | 000,219,588 | ---- | M] () -- C:\Users\laxgruende\Desktop\watch.htm
[2012.11.12 12:49:26 | 000,028,886 | ---- | M] () -- C:\Users\laxgruende\Desktop\Gender_taxonomy.htm
[2012.11.08 10:41:03 | 000,265,735 | ---- | M] () -- C:\Users\laxgruende\Desktop\Schaefer2011_Filmsprache_und_Filmanalyse.pdf
[2012.11.05 11:08:50 | 000,213,367 | ---- | M] () -- C:\Users\laxgruende\Desktop\search.htm
[2012.11.05 11:08:48 | 000,131,396 | ---- | M] () -- C:\Users\laxgruende\Desktop\Getreide.htm
[2012.11.02 13:07:59 | 000,156,647 | ---- | M] () -- C:\Users\laxgruende\Desktop\Androgyny.htm
[1 C:\Users\laxgruende\Desktop\*.tmp files -> C:\Users\laxgruende\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.19 15:58:46 | 000,000,000 | ---- | C] () -- C:\Users\laxgruende\defogger_reenable
[2012.11.19 09:25:03 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.17 03:03:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 03:02:42 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 13:07:37 | 000,219,588 | ---- | C] () -- C:\Users\laxgruende\Desktop\watch.htm
[2012.11.12 12:49:19 | 000,028,886 | ---- | C] () -- C:\Users\laxgruende\Desktop\Gender_taxonomy.htm
[2012.11.08 10:41:03 | 000,265,735 | ---- | C] () -- C:\Users\laxgruende\Desktop\Schaefer2011_Filmsprache_und_Filmanalyse.pdf
[2012.11.05 11:08:48 | 000,213,367 | ---- | C] () -- C:\Users\laxgruende\Desktop\search.htm
[2012.11.05 11:08:26 | 000,131,396 | ---- | C] () -- C:\Users\laxgruende\Desktop\Getreide.htm
[2012.11.02 13:07:58 | 000,156,647 | ---- | C] () -- C:\Users\laxgruende\Desktop\Androgyny.htm
[2012.01.22 20:07:13 | 000,937,543 | ---- | C] () -- C:\Users\laxgruende\P1010108.JPG
[2012.01.22 20:07:13 | 000,934,022 | ---- | C] () -- C:\Users\laxgruende\P1010107.JPG
[2012.01.22 20:07:13 | 000,014,252 | ---- | C] () -- C:\Users\laxgruende\image002.jpg
[2012.01.10 21:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 21:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 21:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 20:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 20:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.11.04 09:42:22 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2011.09.01 15:01:53 | 000,000,079 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.09.01 15:01:51 | 000,001,843 | ---- | C] () -- C:\Windows\System32\RC98E1A0.dat
[2011.09.01 15:01:50 | 000,000,030 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2011.07.06 15:22:09 | 000,007,644 | ---- | C] () -- C:\Users\laxgruende\AppData\Local\Resmon.ResmonCfg
[2011.06.23 10:03:50 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2011.06.21 13:20:00 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.06.21 13:19:59 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.01.20 10:53:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.20 10:15:32 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.20 10:15:32 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.19 13:43:25 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.01.17 13:09:13 | 000,316,224 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS
[2011.01.17 13:09:13 | 000,260,032 | ---- | C] () -- C:\Windows\System32\drivers\GrabsterSeries.C86.SYS
[2011.01.17 12:54:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.12.01 10:51:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.12.01 10:40:48 | 000,004,104 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2010.11.29 14:58:33 | 000,007,168 | ---- | C] () -- C:\Users\laxgruende\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.12 19:04:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.30 21:49:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.02.21 01:33:01 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\Amazon
[2012.07.07 08:57:24 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\Audacity
[2010.12.02 10:04:04 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\avidemux
[2011.01.03 18:13:24 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\BitComet
[2012.07.31 11:29:33 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\BSW
[2010.06.30 12:11:29 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\DigitalPersona
[2012.11.19 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\Dropbox
[2010.10.27 08:32:57 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.03 12:12:19 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\EurekaLog
[2012.07.07 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\F4
[2012.07.05 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\FreeFileSync
[2010.07.12 18:56:57 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\Gutscheinmieze
[2010.09.24 08:43:18 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\ImgBurn
[2011.03.30 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\IrfanView
[2011.07.02 17:40:33 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\KlebezettelNG
[2011.01.17 12:58:14 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\MAGIX
[2010.12.01 10:40:49 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\MOVAVI
[2010.10.17 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\pics
[2011.02.10 20:18:35 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\Seagate
[2012.09.23 17:38:11 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\SoftGrid Client
[2010.12.02 10:28:12 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\Softplicity
[2011.06.23 10:29:49 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\Steinberg
[2010.06.30 13:17:32 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\TP
[2011.01.18 09:45:33 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\TuneUp Software
[2011.01.29 12:16:16 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\uTorrent
[2010.11.29 11:48:46 | 000,000,000 | ---D | M] -- C:\Users\laxgruende\AppData\Roaming\WinAVI
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 19.11.2012 16:11:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\laxgruende\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 63,70% Memory free
5,73 Gb Paging File | 4,35 Gb Available in Paging File | 75,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 126,67 Gb Free Space | 44,70% Space Free | Partition Type: NTFS
Computer Name: LAXGRUENDE-PC | User Name: laxgruende | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029EF8F3-1A2B-4A68-9846-04589D4BF223}" = rport=137 | protocol=17 | dir=out | app=system |
"{0660AFB9-7689-445D-A68A-9578B6ED4C15}" = rport=139 | protocol=6 | dir=out | app=system |
"{4843B4EF-5BAC-4ACC-BBF9-93AA0D958AFA}" = lport=137 | protocol=17 | dir=in | app=system |
"{4C061D9A-C377-4F40-A6A1-9CAFE7E26AB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{50695623-CB27-4E04-B915-185F7FFAE3C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79FC230F-A8B3-4DD8-8DB9-AB4B44E95880}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{942828ED-54A5-4DB1-8C76-35AE551E9375}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A0395127-9D85-4CA2-9806-E52B033C4942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A5EAFE4F-B586-48BF-8B2A-53EBCEC80117}" = lport=139 | protocol=6 | dir=in | app=system |
"{A6D388E6-EF51-4034-A806-A8ED69C39F0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{B3809294-514A-48E6-96DB-ABF695C5A7A7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BCFF7F72-4955-44E8-88D5-9C08DE656140}" = rport=138 | protocol=17 | dir=out | app=system |
"{C7E7C468-C27C-4E45-87FD-9E3FB83B3B88}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD94CF4C-49F9-4B32-B867-F21FF141D5B5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D022DA27-B7FA-4347-A388-ECA397DA6B30}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DEA1B308-EDA9-4045-97EA-056B83D50833}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1A45496-CD61-497F-A5D9-0B5FE04C7EC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5830EF7-284B-4E6A-A1F3-E4357D1E9688}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F81E0267-5E89-4BF5-9E53-63D1757E4A34}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E8E73C-9093-42F8-B132-EB5231106E87}" = protocol=17 | dir=in | app=c:\users\laxgruende\appdata\roaming\dropbox\bin\dropbox.exe |
"{13617A80-0E56-4E07-AAD4-BB0B41026E78}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{1C2E4FF4-7C1D-46CB-B5E6-FDEB492630BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25B72851-7198-4347-89E2-883929DE9CC0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C434358-A3F4-404A-98E2-607C5A0D8E8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32A9738A-E196-4D35-967F-BA63A7387168}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{38B843CE-B627-44C0-AC1C-CFB18E00AF06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{40FA1FFF-93EE-4C4F-B73F-3896AA53340E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{47DD86D9-2919-4B97-AA4F-02AFE99EB3EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7E79437E-2130-4C4B-A021-025295520255}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{8ADA9FBB-2D80-4F5C-A4DC-607598619BB1}" = protocol=6 | dir=in | app=c:\users\laxgruende\appdata\roaming\dropbox\bin\dropbox.exe |
"{8F03433E-36F2-477D-9ED4-A7676255BE19}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9381172F-F13B-4C0B-A4D2-230ED093F71A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9684F450-CEE4-41B5-82B1-40790813156C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B07883B-3F2A-448D-BD9F-CC4136E62CE3}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{A862483E-9578-4139-8475-EE7ACBFB49B7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B47843D2-69D5-40F2-A172-31BB12538131}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{B7670D5B-B588-4C24-8820-94817F4654B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BEBA0339-06E7-4E92-BFD4-9A69F253C589}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{C1671593-36BC-4D3B-920B-FBC768837441}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{CE16FDBB-D91D-4C06-BCBC-E1FB90B168CB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D0EF9F54-81E4-45E1-95E4-7D15A227EF38}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{FC2B98BD-4DF6-498A-9C35-2076EF91BC20}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC94AF62-3203-46B8-A43E-A9E061A74240}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"TCP Query User{1A6E08B8-A8FC-4744-B2CD-5DA8D97770BB}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{61010AE3-4EEB-4C7A-B3CC-34AD4426DFD0}C:\users\laxgruende\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\laxgruende\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{92047A1A-26E9-4979-8FCD-05CA39311F5C}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"TCP Query User{BA8A78D2-C293-4A3A-8120-6BEC43281FE1}C:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe |
"TCP Query User{C9930612-3C3D-48A3-BCFD-F1DEF7684150}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EEAA02AA-9744-41EB-BF10-A091497946C7}C:\program files\klebezettel ng\klebez.exe" = protocol=6 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{0C412EA2-478D-4680-AC73-B50B5A3F0B9E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{25D1B9D6-6C08-41BE-A055-6BFC967ED2CA}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"UDP Query User{4049D9E2-97CC-4B3C-BB8A-FD31F637BA12}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{408EDF90-906A-46F5-92C3-86798FA2F10A}C:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\scantopcactivationapp.exe |
"UDP Query User{5587FDC5-90CB-456B-82FA-15F740853372}C:\program files\klebezettel ng\klebez.exe" = protocol=17 | dir=in | app=c:\program files\klebezettel ng\klebez.exe |
"UDP Query User{59D80364-5E1F-4014-9245-673BF1441B51}C:\users\laxgruende\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\laxgruende\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8AE086-030F-4EF4-B705-63F8130B043E}" = DigitalPersona Personal 4.01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = GlobeTrotter Connect
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC474F86-9A17-4BCB-8B15-11ABFD5B7F95}" = Dell Backup and Recovery Manager
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7B4C7E0-078F-42D6-90B2-001400795416}" = NWZ-S750 WALKMAN Guide
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.47 (March 12, 2011) Version v2011.build.47
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6200FF8-999D-4C58-9047-08D2E065BDBB}" = Steinberg Cubase 6
"{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF45002F-2205-4116-BB51-2D015F436CAC}" = Steinberg HALion Sonic SE Content for Cubase LE AI Elements
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7800A8-575E-4776-95A5-A9D904A85D5F}" = Steinberg HALion Sonic SE
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DW WLAN Card" = DW WLAN Card
"eLicenser Control" = eLicenser Control
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"f42012" = f4 2012
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeFileSync" = FreeFileSync 5.5
"Google Calendar Sync" = Google Calendar Sync
"GRABSTER SERIES" = GRABSTER SERIES V1.0.0.65
"HP Photo Creations" = HP Photo Creations
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LameACM" = Lame ACM MP3 Codec
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3-2-wav" = mp3-2-wav converter 1.14
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"p.i.c.s. Rätsel-Generator" = p.i.c.s. Rätsel-Generator
"RealPlayer 12.0" = RealPlayer
"ST6UNST #1" = ACSynchro
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"SynTPDeinstKey" = Dell Touchpad
"Tunatic" = Tunatic
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.02.2012 16:55:24 | Computer Name = laxgruende-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 09.02.2012 17:22:17 | Computer Name = laxgruende-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 09.02.2012 17:56:38 | Computer Name = laxgruende-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 11.02.2012 19:31:28 | Computer Name = laxgruende-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 12.02.2012 05:30:32 | Computer Name = laxgruende-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 12.02.2012 16:28:59 | Computer Name = laxgruende-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 12.02.2012 19:37:50 | Computer Name = laxgruende-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 13.02.2012 16:22:27 | Computer Name = laxgruende-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 14.02.2012 12:53:29 | Computer Name = laxgruende-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 14.02.2012 17:44:00 | Computer Name = laxgruende-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
[ DigitalPersona Pro Events ]
Error - 05.08.2011 08:48:39 | Computer Name = laxgruende-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 05.08.2011 08:48:45 | Computer Name = laxgruende-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 08.02.2012 17:35:20 | Computer Name = laxgruende-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
[ Media Center Events ]
Error - 07.03.2012 14:36:48 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 19:36:48 - Fehler beim Herstellen der Internetverbindung. 19:36:48
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 14:37:02 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 19:36:53 - Fehler beim Herstellen der Internetverbindung. 19:36:53
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 15:37:10 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 20:37:10 - Fehler beim Herstellen der Internetverbindung. 20:37:10
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 15:37:19 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 20:37:15 - Fehler beim Herstellen der Internetverbindung. 20:37:15
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 16:37:26 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 21:37:26 - Fehler beim Herstellen der Internetverbindung. 21:37:26
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 16:37:34 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 21:37:31 - Fehler beim Herstellen der Internetverbindung. 21:37:31
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 17:37:43 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 22:37:43 - Fehler beim Herstellen der Internetverbindung. 22:37:43
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 17:37:51 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 22:37:49 - Fehler beim Herstellen der Internetverbindung. 22:37:49
- Serververbindung konnte nicht hergestellt werden..
Error - 09.03.2012 06:41:41 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 11:41:41 - Fehler beim Herstellen der Internetverbindung. 11:41:41
- Serververbindung konnte nicht hergestellt werden..
Error - 09.03.2012 06:41:50 | Computer Name = laxgruende-PC | Source = MCUpdate | ID = 0
Description = 11:41:47 - Fehler beim Herstellen der Internetverbindung. 11:41:47
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 30.03.2011 04:22:52 | Computer Name = laxgruende-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3287
seconds with 1980 seconds of active time. This session ended with a crash.
Error - 15.10.2012 13:15:39 | Computer Name = laxgruende-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2598
seconds with 1260 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 19.11.2012 04:42:44 | Computer Name = laxgruende-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.11.2012 04:44:50 | Computer Name = laxgruende-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.11.2012 04:44:50 | Computer Name = laxgruende-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.11.2012 04:44:50 | Computer Name = laxgruende-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.11.2012 04:47:08 | Computer Name = laxgruende-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.11.2012 04:47:08 | Computer Name = laxgruende-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.11.2012 04:47:08 | Computer Name = laxgruende-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.11.2012 04:49:02 | Computer Name = laxgruende-PC | Source = DCOM | ID = 10005
Description =
Error - 19.11.2012 07:54:26 | Computer Name = laxgruende-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 19.11.2012 10:53:35 | Computer Name = laxgruende-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
< End of report >
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-19 16:40:16
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0
Running: 33q5j55g.exe; Driver: C:\Users\LAXGRU~1\AppData\Local\Temp\ufdciaog.sys
---- System - GMER 1.0.15 ----
SSDT 90FD0BD6 ZwCreateSection
SSDT 90FD0BDB ZwSetContextThread
SSDT 90FD0B77 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E52A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8C4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E9362C 4 Bytes [D6, 0B, FD, 90] {SALC ; OR EDI, EBP; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E939CC 4 Bytes [DB, 0B, FD, 90] {FISTTP DWORD [EBX]; STD ; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82E93AA4 4 Bytes [77, 0B, FD, 90] {JA 0xd; STD ; NOP }
---- Devices - GMER 1.0.15 ----
Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000091 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619f65e84
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619f65e84 (not active ControlSet)
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.19.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
laxgruende :: LAXGRUENDE-PC [Administrator]
19.11.2012 10:16:19
mbam-log-2012-11-19 (10-16-19).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202935
Laufzeit: 12 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\laxgruende\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)