| |
| |||||||
Log-Analyse und Auswertung: Trojaner Trojan.Ransom.FGen entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
28.08.2012, 19:54
| #1 |
| |  Trojaner Trojan.Ransom.FGen entfernen Guten Abend, auf einem unserer Computer hat sich gestern Abend ein Trojaner (offensichtlich namens Trojan.Ransom.FGen) eingeniestet, der den kompletten Bildschirm mit dem Hinweis "Wegen Verstoss gegen das Gesetz der Bundesrepublik Deutschland gesperrt" blockierte. Ich konnte den Trojaner mit MalwareByte entfernen und würde mich sehr freuen, wenn jemand sich einmal die Scans ansehen könnte, ob der Computer jetzt virenfrei ist. Dafür herzlichen Dank im Voraus! Viele Grüße, Andreas MalwareByte Scan: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.28.02 Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Irochka :: IROCHKA-VAIO [Administrator] 28.08.2012 09:19:16 mbam-log-2012-08-28 (09-19-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 401577 Laufzeit: 1 Stunde(n), 3 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Irochka\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 2 C:\Users\Irochka\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Irochka\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 28.08.2012 19:38:52 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Irochka\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 72,99% Memory free 7,68 Gb Paging File | 6,79 Gb Available in Paging File | 88,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,75 Gb Total Space | 219,95 Gb Free Space | 76,18% Space Free | Partition Type: NTFS Computer Name: IROCHKA-VAIO | User Name: Irochka | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Irochka\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes,DefaultScope = {656F534B-CB2B-4BFA-96C2-AD26A36A22DF} IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{4419DA01-D67D-4413-AE23-031228F60C22}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{656F534B-CB2B-4BFA-96C2-AD26A36A22DF}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE352 IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{6E16E1BA-7A6D-455F-AB4C-71F0B34D7238}: "URL" = hxxp://services.zinio.com/search?s={selection}&rf=sonyslices IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.25 14:18:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 00:57:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.25 14:18:16 | 000,000,000 | ---D | M] [2011.09.05 10:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irochka\AppData\Roaming\mozilla\Extensions [2011.11.11 13:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.11 14:56:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.03.19 00:57:45 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.14 20:36:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.14 20:36:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.14 20:36:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.14 20:36:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.14 20:36:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.14 20:36:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=SVEA O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3:64bit: - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1204554181-1409427882-90293359-1000..\Run: [sdchange] C:\Users\Irochka\AppData\Local\Microsoft\Windows\4891\sdchange.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://wlanvpn.uni-potsdam.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A561DD80-AC55-4A71-97A6-4AC08F3638A8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.28 19:37:54 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Irochka\Desktop\OTL.exe [2012.08.28 09:18:25 | 000,000,000 | ---D | C] -- C:\Users\Irochka\AppData\Roaming\Malwarebytes [2012.08.28 09:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.28 09:18:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.28 09:18:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.28 09:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.28 09:13:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.08.27 22:09:10 | 000,000,000 | ---D | C] -- C:\Users\Irochka\AppData\Local\{129B36BF-A02C-40F0-939D-988CF984192E} [2012.08.27 03:10:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.27 03:10:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.27 03:09:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.27 03:09:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.27 03:09:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.27 03:09:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.27 03:09:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.27 03:09:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.27 03:09:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.27 03:09:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.27 03:09:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.27 03:09:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.27 03:09:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.26 18:35:49 | 000,000,000 | ---D | C] -- C:\Users\Irochka\AppData\Local\{369A051E-7737-45AE-988D-600E16966D76} [2012.08.26 17:23:29 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.26 17:23:15 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.26 17:23:15 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.26 17:23:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.26 17:22:57 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.08.26 17:22:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.26 17:22:47 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.26 17:22:47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.26 17:22:36 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.26 17:01:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.08.26 17:01:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.08.26 17:01:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.08.26 17:00:53 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.08.26 17:00:53 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.08.26 17:00:53 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.08.26 16:59:34 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.08.26 16:59:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.08.26 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Irochka\Desktop\Mama Bilder [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.28 19:38:02 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Irochka\Desktop\OTL.exe [2012.08.28 09:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.28 09:14:32 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys [2012.08.28 00:51:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.28 00:48:18 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012.08.28 00:05:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.27 22:15:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 22:15:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 03:36:02 | 000,448,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.27 01:04:09 | 1172,819,968 | ---- | M] () -- C:\Users\Irochka\Desktop\Metel.1964.DVDRip_WarezCity.ru.avi [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.26 18:40:27 | 1172,819,968 | ---- | C] () -- C:\Users\Irochka\Desktop\Metel.1964.DVDRip_WarezCity.ru.avi [2011.06.01 18:30:22 | 000,000,000 | ---- | C] () -- C:\Users\Irochka\AppData\Local\{C5978FED-4690-4E45-940E-3AA1943789A2} [2011.05.30 15:13:41 | 000,000,000 | ---- | C] () -- C:\Users\Irochka\AppData\Local\{B8474221-439F-4139-B3DB-0E7D78E8AA25} [2009.11.08 21:03:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.08.2012 19:38:52 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Irochka\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,84 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 72,99% Memory free
7,68 Gb Paging File | 6,79 Gb Available in Paging File | 88,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,75 Gb Total Space | 219,95 Gb Free Space | 76,18% Space Free | Partition Type: NTFS
Computer Name: IROCHKA-VAIO | User Name: Irochka | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05793B2D-EF1E-4E92-90A5-DBAE4A40254F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E86A022-0579-44A4-94CC-D25794AA39FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C0231B2-0475-42A9-8746-8F6029AF5B0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23425020-4728-41CF-9E5D-88ED831F4279}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B74331E-D409-4D9C-9FDB-63EB12572695}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C7FCDA7-7C71-4CD7-976B-EFA94523DF4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{30F09E9C-C9BF-45AB-B4E0-FF7C8915FF8F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3D09719A-B063-41BB-A239-E91950C8D3F6}" = lport=137 | protocol=17 | dir=in | app=system |
"{5494AA37-5E71-4605-AB98-F11DB5D90947}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{57D648B6-A162-4E17-AE6E-A1005867B397}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{690A1CA3-6C7B-4D6B-A57F-47D7D07FAF5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75F2D695-ACE3-4255-AF18-183B20942C7F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7ED65158-29F6-40DC-AA4A-E4099B2A606A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8600FB57-5252-4F05-ABBB-24D600E2E1D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{925D39EC-BDF0-4C51-80B8-5EF15EC8E8BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E282E1F-9617-4963-904D-84D2F0B05692}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{ACBED154-DD66-49E2-8DAA-7053537FC01A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B73DBCB6-2850-486D-9477-33C7E31249BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{C313888D-7861-4BF5-8E5F-2648035C06C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C6319C2A-5A63-44AF-A965-C16565760E88}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CA5F4BE4-A7AC-4C67-9298-EA1F3165EABC}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA99615F-9F01-4D9F-8C8D-A5FC75FE3E29}" = rport=138 | protocol=17 | dir=out | app=system |
"{CE9A576F-5DEB-4193-9405-1D7B53E92EF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7D790F4-D3A8-4A73-B22E-AD0EE3BE5862}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D99DA631-CD2F-4BCC-88B1-F46F15DB9933}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DD313ACE-1236-4F96-9D8A-A58B7DF03F4A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E5FF30DB-8CF4-4AB4-A8F0-006B19D91836}" = rport=139 | protocol=6 | dir=out | app=system |
"{F36CE021-D53B-42EE-86CC-E52A9183CF68}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032A4663-E900-4820-9D8C-FB3C48A36F11}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0D6DA020-C6CC-443B-A7EB-0D19DF27AB40}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1438DBAD-2D63-4165-AF6A-A9BAACC1F511}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{19736A87-0CA0-4188-A082-7A9F22B72205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{230FFF0C-B5F5-4287-AB58-C0D4AB8CDF5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{319A4A4F-DC4F-423F-8E39-129ADA114C8D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35F27814-004F-4910-9403-1A635CAD0242}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{38A15991-D257-47E7-8ACF-C1D79922FDDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{467180C4-39D6-4FA3-AE9F-ACB7386FC609}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{46E9F0B1-0877-4D18-A122-BC266A731188}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{50FEF292-0F4F-4D7F-8FF5-DC4E823B8627}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{52E130FB-FCE2-449E-A23C-E2C2FEA024E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{57AC8F54-1526-49B0-A6A5-F5F974C8E288}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{592A40BD-666A-4DA9-B3AC-432ED00DF419}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{5A37DD6E-8E9A-4C3B-A2B8-DEE23D0BD4ED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5AC74D4F-C936-401B-B603-7999661B70A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B99BF89-DF7D-4FCB-A78A-94B4D81106EA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5EBA08D0-8449-4CE9-B4DE-A17B8344E393}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{6343EF33-3004-453E-8D76-01BD7069D077}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{641CE545-5906-4EEA-9489-EDDC8640DA3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{714842AF-CB0C-4EC4-A54B-26780F4B3A48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{73B96553-A9AE-482D-92B2-4B48BB3CA171}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7DC69F1A-65FA-46A1-A547-A66E64429B32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{7FD7016C-39FE-4365-B906-E7690E294593}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FDB17C8-3195-4D4F-9D97-5D3622E26DF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{82DCA038-BB43-4D79-B8A1-D5FED7D064C3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{91156841-529A-467C-BC78-5316BA6DA389}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9CDEF9C5-6EFB-4883-AC2A-31C241780765}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A0762E43-A017-444F-B1FC-2FFFA51C2B64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{AB5502D8-3191-4151-8463-118F61FBF144}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B23F7858-6576-4BDC-BE59-A6115CE0228D}" = dir=in | app=c:\users\irochka\appdata\local\temp\7zs01bf\setup\hpznui40.exe |
"{B52D7233-C1CD-4786-8B76-6B467CE687A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{B72E12C5-2C4A-4AD9-B855-C2DF8A84D705}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{B8906448-CB70-4CAE-B143-690A9E6378E5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B8DCF05F-6A77-4717-A082-DFF42CB54889}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C13C33A9-1F04-4FF2-830C-8A626E46D970}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3BCE25C-DE61-42B0-990F-957B35DFB632}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{C92C630F-025A-4C90-8FFF-053465F05B76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C9DB40A8-C56D-45F0-B1F9-8ACC6682125E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CAC6CA30-91F8-4890-B73E-54D64F94AE4A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CB7E3045-A5BF-4C1A-8BFB-BE6B6D3AEAD4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE346345-139B-461D-94D9-381C948DB71A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{D299D1E2-AD9F-4E47-8600-A73EDD52990C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D6EDF5BE-5141-46E9-82D7-3EE46BCEEF44}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{DB1F0F95-BCDF-4785-971C-06F942B770F1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E0323D20-B495-4491-A883-7620D818545D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{E470DE5C-E69C-415A-BBED-758F52A9F4AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E6BC14D3-7F54-4FE3-A8B8-ABD9B2B1B3BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC50F221-6BF4-410E-9768-FE08C769C3B2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{EE670B1A-DD79-42C5-B42C-770E44F8C01D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{F0A69901-C4C3-484D-A656-B882CBA96868}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F3E7D9E3-9AE2-4868-99FE-CA7F4A49C637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5393AA7-88D1-4B8C-BC03-99FF35C935C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{F7153BDF-473C-4531-8B26-4BFC0A805C47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{FFC6B540-3C59-4B0C-A123-65DF54F41977}" = protocol=6 | dir=out | app=system |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1195
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Advanced PDF Tools v2.0_is1" = Advanced PDF Tools v2.0
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"splashtop" = VAIO Quick Web Access
"VAIO Help and Support" =
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
Error - 16.06.2011 12:09:56 | Computer Name = Irochka-VAIO | Source = .NET Runtime | ID = 1023
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 15.04.2012 09:04:24 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 15.04.2012 09:04:24 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.05.2012 17:57:51 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.05.2012 17:57:51 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.05.2012 17:57:51 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7566 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 23.05.2012 17:57:51 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 07.07.2012 15:55:14 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 07.07.2012 15:55:14 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 07.07.2012 15:55:14 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7566 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 07.07.2012 15:55:14 | Computer Name = Irochka-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 325 Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
[ OSession Events ]
Error - 06.07.2010 16:24:56 | Computer Name = Irochka-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1361 seconds with 780 seconds of active time. This session ended with a
crash.
Error - 02.12.2010 20:23:40 | Computer Name = Irochka-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 16644 seconds with 12780 seconds of active time. This session ended with
a crash.
Error - 12.05.2011 07:51:20 | Computer Name = Irochka-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 86
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28.08.2012 13:41:22 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:41:34 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:41:34 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:41:34 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:43:24 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:43:24 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:43:24 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:43:40 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:43:40 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 28.08.2012 13:43:40 | Computer Name = Irochka-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
|
|
29.08.2012, 03:42
| #2 |
| /// Helfer-Team  | Trojaner Trojan.Ransom.FGen entfernen Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes,DefaultScope = {656F534B-CB2B-4BFA-96C2-AD26A36A22DF}
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{4419DA01-D67D-4413-AE23-031228F60C22}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{656F534B-CB2B-4BFA-96C2-AD26A36A22DF}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE352
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\SearchScopes\{6E16E1BA-7A6D-455F-AB4C-71F0B34D7238}: "URL" = http://services.zinio.com/search?s={selection}&rf=sonyslices
IE - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-1204554181-1409427882-90293359-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-1204554181-1409427882-90293359-1000..\Run: [sdchange] C:\Users\Irochka\AppData\Local\Microsoft\Windows\4891\sdchange.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2009.11.08 21:03:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files
C:\Users\Irochka\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Irochka\AppData\Local\Temp\*.exe
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
29.08.2012, 12:39
| #3 |
| | Trojaner Trojan.Ransom.FGen entfernen Vielen, vielen Dank!
__________________Das Log-File nach Neustart sieht wie folgt aus: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4419DA01-D67D-4413-AE23-031228F60C22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4419DA01-D67D-4413-AE23-031228F60C22}\ not found.
Registry key HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\SearchScopes\{656F534B-CB2B-4BFA-96C2-AD26A36A22DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{656F534B-CB2B-4BFA-96C2-AD26A36A22DF}\ not found.
Registry key HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6E16E1BA-7A6D-455F-AB4C-71F0B34D7238}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E16E1BA-7A6D-455F-AB4C-71F0B34D7238}\ not found.
HKU\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01" removed from browser.startup.homepage
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1204554181-1409427882-90293359-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sdchange deleted successfully.
C:\Users\Irochka\AppData\Local\Microsoft\Windows\4891\sdchange.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\ezsidmv.dat moved successfully.
========== FILES ==========
C:\Users\Irochka\AppData\Local\{00141A6C-915C-4E17-9C96-1BCC388CCC29} folder moved successfully.
C:\Users\Irochka\AppData\Local\{010BEC32-835F-4F7B-BDA9-F524DA1478A3} folder moved successfully.
C:\Users\Irochka\AppData\Local\{01159BEB-24E1-42C2-BC65-FA53FDA28C07} folder moved successfully.
C:\Users\Irochka\AppData\Local\{01177B75-38CA-4E18-BF78-17E18B0EA36B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{049B530E-1E56-4CB4-A4F3-0337C777A3DA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{04B2FEE8-EB52-4628-987A-0F8DC283F927} folder moved successfully.
C:\Users\Irochka\AppData\Local\{05C4D8E4-2E3A-45B7-942B-52C071412F08} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0707CC34-D647-4E1F-8359-8DA9421513C9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{08CEC66E-C66E-477C-B9B0-907FB554818A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{09AFDDD4-6A58-4C60-B51C-9306DA0B766F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0A46BBF5-F849-4E50-B831-CDB263CBC4A7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0BDE582A-8BC2-437C-9965-37A6A6148F9E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0BF81413-1301-4543-8E8E-4B73BFE0AB18} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0C74CBE4-ABAF-4263-B054-7644E7BB2E12} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0C83DD1A-4E69-4ADA-BB4F-B9B68DBFB9C7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0CA97F9B-3F31-4121-A15C-71EB1AB4CB97} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0DDD63D6-8330-412B-9C75-D7AD75B3AE76} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0F36FF3D-919D-4FF1-8859-04A0551540D5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0F85D03F-FAC9-4FE8-9EE3-4E5AF1B54FF9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{0FE5933C-4A5A-4E7E-93A1-9CAE4917BB7D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{10262945-4AA7-4BF8-81BA-B50BB406E34B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{10AD8CAB-53C0-45AD-AE05-B632A9858C43} folder moved successfully.
C:\Users\Irochka\AppData\Local\{111C5EEB-175B-43A0-8696-25C660795005} folder moved successfully.
C:\Users\Irochka\AppData\Local\{112263BA-4580-46E7-B743-77424EA4E555} folder moved successfully.
C:\Users\Irochka\AppData\Local\{129B36BF-A02C-40F0-939D-988CF984192E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{12F5195A-F4A3-4291-9529-006EC632C160} folder moved successfully.
C:\Users\Irochka\AppData\Local\{136D8453-FCE1-466A-B666-A450D7407C56} folder moved successfully.
C:\Users\Irochka\AppData\Local\{13D59A4B-39BD-4F18-BF56-A70BCC20D6B8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{15B13F34-D7EF-4985-8D97-403BA73E1ACA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{169FFBE7-FFFE-44A2-AC69-8861BC636704} folder moved successfully.
C:\Users\Irochka\AppData\Local\{16AB29A5-2803-44FC-B475-37D2E5EEBA2A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{16ADDEFD-524D-4C0B-924C-0ACCA1CE73F7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{16E874CB-3142-452B-8BAF-E148D14DF7EE} folder moved successfully.
C:\Users\Irochka\AppData\Local\{17246724-1A96-4028-BFDC-2CA8662F84E8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{17252665-81BD-48C0-A7A7-0804B5FEE980} folder moved successfully.
C:\Users\Irochka\AppData\Local\{181A9BF0-A804-443B-8F83-D2D7FD09B978} folder moved successfully.
C:\Users\Irochka\AppData\Local\{18229296-167C-429C-B8AE-799BF028D98B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1946DA2C-28AB-4D4C-87C1-5DA0D53FEF05} folder moved successfully.
C:\Users\Irochka\AppData\Local\{19AB66B5-7E01-4EB4-9C06-76E0C11DAB7D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1BFF12F6-69BD-4350-B550-07B09610C590} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1CDCA39E-FFC4-4ADB-8D16-FEDF3939C083} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1D2C9202-384D-48F7-AB58-9973DD7471A2} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1D7BAC5A-B45D-43F6-B1A9-09DB7703ACD8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1D7E1C0B-B8FA-4425-A44A-3E209116C374} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1DAB29D3-F8FA-45C5-A336-F94AC4AC403F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1E4AE826-B3DF-45F2-9CCC-9ACD01E36633} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1E4B74B6-CC72-4F9B-9A09-FF88ED86F02C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{1F49A773-3A9E-4D07-8A94-36A8F83672A9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{204051FE-2059-4319-9FB5-BE801E18F2E9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{20FEB166-6849-48F9-9465-EA596C2F7848} folder moved successfully.
C:\Users\Irochka\AppData\Local\{21EA35D8-9255-4E95-87E7-0EBC34B2E848} folder moved successfully.
C:\Users\Irochka\AppData\Local\{2214A03C-92CA-4036-95DC-A1F500E0DA27} folder moved successfully.
C:\Users\Irochka\AppData\Local\{225DB849-5806-4546-B7F9-3900E9F5BA84} folder moved successfully.
C:\Users\Irochka\AppData\Local\{2402812B-244B-4C50-BD11-703539EFA69F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{24618618-1ECA-49F0-8B3E-00B2D6941177} folder moved successfully.
C:\Users\Irochka\AppData\Local\{27AA0D4E-2459-4AC0-93E6-99E1DDB190F7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{293C1EFC-AB21-4E42-98AF-A61B6E9D5761} folder moved successfully.
C:\Users\Irochka\AppData\Local\{2BCB91B9-E31A-49CF-BE71-467C81F4B2A1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{2C71F9DD-B965-4F94-9AD5-D2B52B61C836} folder moved successfully.
C:\Users\Irochka\AppData\Local\{2CDC6D7A-846C-4056-A847-A02680972E5A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{2E9C7288-37A4-4F8D-9D03-16A3015FEAAE} folder moved successfully.
C:\Users\Irochka\AppData\Local\{315056D7-9E0A-48E8-AEFD-ADBD2DC885CB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{31BE387D-BF6D-4F31-9190-38552669448B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{31C16B79-5333-44F6-9FC4-7EB08CF702C9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{32523213-501C-4358-AF08-C1A5BBBFD976} folder moved successfully.
C:\Users\Irochka\AppData\Local\{33851591-B785-4BD7-9B7B-5736F5293644} folder moved successfully.
C:\Users\Irochka\AppData\Local\{338D831B-FC51-47F4-BF25-F7C5D20A2DE5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{33F28016-705C-447B-86EF-FDACC6E318BC} folder moved successfully.
C:\Users\Irochka\AppData\Local\{347EC303-F7B6-4435-99FB-81AC69EEB48F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{34A4B3B6-05B6-4A57-859E-6153E65D28FD} folder moved successfully.
C:\Users\Irochka\AppData\Local\{34CAD58B-FF08-4884-8861-E3595FAB55DB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{35E7268F-7FDA-47F6-BE56-9792A66E5770} folder moved successfully.
C:\Users\Irochka\AppData\Local\{35F868C9-CEB6-45F5-91DC-20622AC1839C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{369A051E-7737-45AE-988D-600E16966D76} folder moved successfully.
C:\Users\Irochka\AppData\Local\{372F64F0-1EB6-450A-8BED-A3AB622D82A0} folder moved successfully.
C:\Users\Irochka\AppData\Local\{37BCA811-2886-4C3A-99D1-B0303349819A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{387292E7-2191-4515-B034-2404D629AE0D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3A0DDD4E-0A21-4436-A015-DEB63CB76163} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3A3F9EBC-F710-485E-8A17-8D2307E4F57B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3AA458A1-3252-40B0-998B-29869E83FB8B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3B84B73B-9E7C-4270-A3DD-553D0E7F1AD6} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3B989735-75C9-459A-A6D1-32AB53956044} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3C303F7A-DBF9-4FC6-9D47-013F015E61D5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3C5A599B-0139-4233-876A-7C7D99BF590D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3C7D5837-32E8-4928-B294-214E2C8940AC} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3CE10C1D-DFD2-45A3-B3F5-9BE42D9CBE3D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3D36128E-866C-43EA-9FE9-D4C2E42C744E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3DADDFFE-BAD9-4F4E-87A9-B084301E1C91} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3DB3DE18-CB75-4D59-9A10-7410351DB433} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3E21A0DF-267A-4956-9C68-C7D09B197A65} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3E9D349C-B7B2-4B7A-8CBB-911B04B5F693} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3EC063B9-3C7C-418C-A855-40D54717D5AB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{3FF0366F-64F4-4441-B78E-EE363A24980C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{406FBEF5-1622-4D90-88D6-14354B40D58D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{40D41CB0-5FB0-4ECB-935A-D0C748517CB5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{445160CE-C8A5-462E-9792-00A8B7050285} folder moved successfully.
C:\Users\Irochka\AppData\Local\{4455E71B-57B7-417E-8B0D-97A2A3D0DA4C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{4531C1B2-BED1-443D-8BFD-394371B36A84} folder moved successfully.
C:\Users\Irochka\AppData\Local\{463FBD56-303B-4094-9C89-B94DA66899F1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{467D324E-4804-40E4-9147-A64552B574B4} folder moved successfully.
C:\Users\Irochka\AppData\Local\{480BF096-BB03-4E98-B7CE-B14F3A9B1B26} folder moved successfully.
C:\Users\Irochka\AppData\Local\{48579B46-38CF-4636-953A-863058852CA8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{48791A48-A3FB-4AB2-8EA8-68EE1A47F236} folder moved successfully.
C:\Users\Irochka\AppData\Local\{48C28649-EEA4-4065-9A4A-0D296AAFF1C4} folder moved successfully.
C:\Users\Irochka\AppData\Local\{492991F8-F8D3-4AEB-9774-73F89742BE64} folder moved successfully.
C:\Users\Irochka\AppData\Local\{4A44C026-BBF7-44AF-80AF-BD28325A68DE} folder moved successfully.
C:\Users\Irochka\AppData\Local\{4ADA60BB-F7A9-48D8-9C71-DF7D71A041F6} folder moved successfully.
C:\Users\Irochka\AppData\Local\{4EDF45E2-C80A-48A5-921A-75CF53609FFB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{510A0252-A94D-4DCE-BFF2-811B254AD752} folder moved successfully.
C:\Users\Irochka\AppData\Local\{513DA33C-745A-49FE-AA6E-1710E515D4BF} folder moved successfully.
C:\Users\Irochka\AppData\Local\{516EAA9E-2203-471F-9D8F-9FD46EC3F0E9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{518492D0-C3E2-4FB4-AF7F-90231937DC1C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{52CE5913-36FB-4B06-88BF-6D42D60621B4} folder moved successfully.
C:\Users\Irochka\AppData\Local\{53274345-0481-4E5E-B646-6A3D0454BD3B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{54128B3B-62B5-4A16-A1D3-32DD28551834} folder moved successfully.
C:\Users\Irochka\AppData\Local\{549436E1-B77D-44BE-A6EE-ADBC8CFE17AE} folder moved successfully.
C:\Users\Irochka\AppData\Local\{5506FD76-AAB4-4D41-8A4E-CDF54DE9B974} folder moved successfully.
C:\Users\Irochka\AppData\Local\{55C8BB3C-FB10-4890-9802-706D5FCDD7A9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{55FC3DF4-9837-4D7D-98DD-83EB3E76DAAA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{564642F3-F291-4148-82C0-F902CDDF7899} folder moved successfully.
C:\Users\Irochka\AppData\Local\{56C075D0-01D6-4949-B984-E6F0C834F67E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{58991030-D486-478B-B5C4-EF45C440C6D7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{592205C4-6566-42DA-B67E-1F18E2DD8D77} folder moved successfully.
C:\Users\Irochka\AppData\Local\{5961CED7-C0BD-43CD-BDFF-7736147960D0} folder moved successfully.
C:\Users\Irochka\AppData\Local\{599ABBB3-3A6A-4271-8FE7-7E0DBA229650} folder moved successfully.
C:\Users\Irochka\AppData\Local\{59BEC9FF-164E-4D7A-9ADA-E4318CA0E24F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{59F753B9-9499-4582-B5C6-344495FFFEBC} folder moved successfully.
C:\Users\Irochka\AppData\Local\{5AB9E2A5-A5CB-491B-AD8C-A91332A17305} folder moved successfully.
C:\Users\Irochka\AppData\Local\{5C90B1B0-8DA1-48FA-89FF-14F57EEBBB74} folder moved successfully.
C:\Users\Irochka\AppData\Local\{5CA23E99-EE3D-4CC2-A8F1-CCC1F5788E02} folder moved successfully.
C:\Users\Irochka\AppData\Local\{5EDA0B58-FAC7-47C3-A9C6-BCFB1491B6F0} folder moved successfully.
C:\Users\Irochka\AppData\Local\{60CDE4A0-B43D-468C-8978-77FE7BC702A4} folder moved successfully.
C:\Users\Irochka\AppData\Local\{62FCB5E9-F4EA-41E7-ABC9-1349188D2FF8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{63D9FE4F-0B8C-4BA0-B9EB-0312A30EA59C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{64C65930-B770-406B-A9A7-CB85615E0725} folder moved successfully.
C:\Users\Irochka\AppData\Local\{65204EF2-CEA6-4EDB-967E-451521F4D626} folder moved successfully.
C:\Users\Irochka\AppData\Local\{661E8587-BA45-4322-A00D-667D018E91E1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{675DB283-47F8-4C67-8551-1BC22494AC85} folder moved successfully.
C:\Users\Irochka\AppData\Local\{687C1D41-8A7C-4ADD-901E-57977DA003F8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{696DD181-1BA1-4FF1-BF37-E2B64534A2F7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6970BFC4-0C6C-413B-BB93-0D367C2BB3DC} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6A1BBFFD-09E1-41E9-AB90-A83C1C17E130} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6A44B598-2A80-43DF-92DC-C0FF0E34CC75} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6AFA30A5-F843-4EDC-B859-2F43E327585C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6B2CA6FF-1692-4B47-A1F9-588297C43608} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6C59F395-8B87-413B-9BFE-CE27D9DF48DA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6D483F0E-05FE-4038-B996-E8766078BFBD} folder moved successfully.
C:\Users\Irochka\AppData\Local\{6D8E0505-76C6-445F-9AB1-38ADFD3BA45F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{703CE1AA-368B-49AD-979C-9F267A7C6C5B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{70601D1A-519E-4DE3-AD49-1B854158133A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{70EEC75A-880C-4223-9599-7650318C0A7D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7136E6D6-9B6A-4AEB-BBDC-C0CADBD44718} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7344A843-E4CC-46F5-8311-EE303D246C27} folder moved successfully.
C:\Users\Irochka\AppData\Local\{737BAED5-7061-464E-A8DE-0814DB0A2A62} folder moved successfully.
C:\Users\Irochka\AppData\Local\{739FA63F-A70F-4722-BD6A-4AAFBCA11F48} folder moved successfully.
C:\Users\Irochka\AppData\Local\{73C7D3D1-2CA6-4147-B143-4DBA659BEDF5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{74DEA911-79AE-49C6-80C2-4E5CBC13FB49} folder moved successfully.
C:\Users\Irochka\AppData\Local\{75E35D58-E8A2-417A-A45E-5EFE873D51B6} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7657177F-0124-421A-9B80-BD483B2EE702} folder moved successfully.
C:\Users\Irochka\AppData\Local\{774724CD-40E9-4F2A-AA5A-6C149B473C44} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7819AA80-409D-4085-9EE0-CBD546D19DAC} folder moved successfully.
C:\Users\Irochka\AppData\Local\{782FFCC2-35ED-4642-8387-624A971458BF} folder moved successfully.
C:\Users\Irochka\AppData\Local\{785D072B-8DB1-44E3-B1D7-3B922399231D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{786F6274-2968-4EBA-8185-2CEACC78020B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7990F42B-1294-4342-8B35-733F8089FFE6} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7B1688B4-F3AD-4A06-B1F7-D56B3985F6F4} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7C18B6CD-D1FF-4C5A-AF8D-A04D718D272F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7CF2135F-B66A-4F06-B449-0C47B0729943} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7D10CB43-5474-415F-83EE-286023013374} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7D630692-E581-417F-8E4F-726E21DE8F73} folder moved successfully.
C:\Users\Irochka\AppData\Local\{7DEE514A-A8A3-4C3F-9DE6-EA52297D113B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{80782CB1-87AD-4FA4-AAC2-A487585D50CB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{809F6A7C-5C29-4377-B2FA-0698D275819D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{80F9A579-218E-43F8-8150-02512579153B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{81DE5E33-3F4E-4872-96DE-D74FF5C1F4DB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{82B0C115-8EC7-4867-A3B6-577032249199} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8303777F-C5FA-4595-979C-9775C354B496} folder moved successfully.
C:\Users\Irochka\AppData\Local\{83573BB4-1761-4744-8D86-06442D730CD3} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8372489B-F2F6-4F1B-9D28-C5AD8BEBBA95} folder moved successfully.
C:\Users\Irochka\AppData\Local\{850AC1D9-3CC8-4A69-A642-69DE32DCB41A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{855D7447-A8BD-4479-A809-9DF1755F75F1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8654D6F2-3E37-4884-BAFD-B2013064186F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{86D3E543-7556-4642-8081-19018725D4C1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{87585DA9-0B6D-4D2A-A57B-D71398A85B62} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8833E69B-3DBA-465B-BD8B-BFAF49D8708C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{88FF0CE7-BE22-40B0-9498-2ABB2A07C3E1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{89F8C1C1-F2B1-4ABA-AEA8-65F3AE6052CC} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8C0E28DE-2FDA-41B3-B65A-98D625DE943F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8C735E57-65D7-4BE2-B6D4-793ABEBA4E25} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8DA5F53F-8897-4909-8137-CDAAF407E012} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8E784C2A-19C1-4F3C-A00D-241AB98D658F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{8F109BBD-3AE2-4E44-A58E-22B4AD7550A6} folder moved successfully.
C:\Users\Irochka\AppData\Local\{907024FE-1244-493D-96E9-98502CCEFF55} folder moved successfully.
C:\Users\Irochka\AppData\Local\{90861493-E570-45D6-AE1D-38A0672A7CD2} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9097F1E9-2BD7-41AC-B563-07E08FB65D22} folder moved successfully.
C:\Users\Irochka\AppData\Local\{91349FF6-0CDC-4922-B5D9-B0D0B8CF6247} folder moved successfully.
C:\Users\Irochka\AppData\Local\{91AA4486-34B5-47CC-87C0-698A92903DC7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{929CB00E-356B-461A-B731-DE79CAC29B12} folder moved successfully.
C:\Users\Irochka\AppData\Local\{92C23962-85C2-40E4-9570-548A68BA870A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{92EA8F9A-FCD9-4698-9AB8-3F8A2B90AF95} folder moved successfully.
C:\Users\Irochka\AppData\Local\{92EE63CE-6F6C-46E1-99EA-A53A1D19AA86} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9342C936-9956-4742-BD8C-88C0D5AF46BA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{957B1D13-C5EF-4A10-A6FE-3746E383A375} folder moved successfully.
C:\Users\Irochka\AppData\Local\{95F8011F-72CC-4E92-8644-A7EBEFDF935E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9604C8BC-E2D3-4CF2-89F3-03925F4FB49E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{960DEA45-D893-4568-BAAE-D82F50416D7B} folder moved successfully.
C:\Users\Irochka\AppData\Local\{966EE3BD-C0C1-4AA2-8402-34E43D633021} folder moved successfully.
C:\Users\Irochka\AppData\Local\{97ABAEF0-62AB-485D-9285-392584383777} folder moved successfully.
C:\Users\Irochka\AppData\Local\{97EC404E-2489-4D19-8EB0-98BA0BCE343F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9857397C-58A0-41AA-9C81-F52CCE805E69} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9C7DD2C2-CCF9-4AB9-ADFC-6BFCF9BDE6ED} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9CFBCE37-1793-474E-9602-7299EAD28620} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9EB9C8B9-4E77-461F-A878-FB8FC050737E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9F450B2D-6FF4-4C82-87F1-EB23CBBB0109} folder moved successfully.
C:\Users\Irochka\AppData\Local\{9FE4569D-E8E9-4666-BF93-3A0408BE9782} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A02FA885-83AA-49DE-8DF1-D30C8B4682C4} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A0AD8781-0D2A-4477-A696-0456A591EA71} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A0D9E15C-C5F2-482D-9189-AECF83A53A0C} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A2DE8C7F-48CD-4ECB-9E56-43F8196EA104} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A3179885-45D9-4E7C-B580-A81608583FC8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A34D44AF-ED77-4C44-AAE2-62D517EC6CBB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A39DC160-3B08-4D2C-8B75-A68597ABC726} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A4395B4C-E2C6-42DF-8E84-E9724C027634} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A4BE18ED-A569-4CA9-96B5-F1B57C856127} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A5246A83-2C92-4525-B152-46CB32E13035} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A580EE6B-8B08-4EAD-B1A9-3E727E5D3518} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A5FD3311-2ADE-474C-BDF2-558B4B0E8429} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A61338A3-1A8D-48E8-9FD4-4333ADACC1F5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A73F0F27-F858-4E65-BDEE-404B4B376971} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A7BA96C3-7D68-4731-B1FE-43CF5B56C9FA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{A8D8BA84-AA15-45C6-877B-19634A880421} folder moved successfully.
C:\Users\Irochka\AppData\Local\{AADD0BE2-587C-429B-8A76-951B2F96C444} folder moved successfully.
C:\Users\Irochka\AppData\Local\{AB1EDA09-057C-467A-AEC4-5D799FA3403E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{ABF7DCD2-254C-4ED3-BD84-261D34A1A8AA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{AC3F75A3-73D0-4CFE-9649-2716BCA74B56} folder moved successfully.
C:\Users\Irochka\AppData\Local\{AC94D968-133A-4890-BD55-99F52E937D99} folder moved successfully.
C:\Users\Irochka\AppData\Local\{ACB6C918-04A2-460A-A19A-20549A6AFFFF} folder moved successfully.
C:\Users\Irochka\AppData\Local\{AEACE9BE-6119-40E9-B10B-2BCA8F6722ED} folder moved successfully.
C:\Users\Irochka\AppData\Local\{AF646F16-6CFD-4AE4-A88A-D15E9E95F025} folder moved successfully.
C:\Users\Irochka\AppData\Local\{AFDAE97C-CD77-4409-A019-F462A2921B46} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B033B33D-E5D7-436A-9222-D116C95F62C0} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B0B77566-7F39-4E93-8E04-1C1113193564} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B2682E89-08DF-47F1-B862-DAF1F3721BD1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B3157357-2761-40E6-A8A8-7F02E7EBA93D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B348F2BE-0FFA-4D2B-9724-E4D148A51425} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B3EFDEB4-7CD8-4A01-AD90-FC343F62C92E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B71D6BA0-EFD3-4AB9-B379-073D2FC01936} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B8474221-439F-4139-B3DB-0E7D78E8AA25} moved successfully.
C:\Users\Irochka\AppData\Local\{B978FCB1-F458-4BC3-9A27-E8D44E914A5D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{B98F48F9-3DF6-499D-8AA5-4E2C5CB0275A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{BA575088-ECCD-4789-9D30-7865E2EAFBAE} folder moved successfully.
C:\Users\Irochka\AppData\Local\{BB387025-2DC2-4851-85FC-FEB91B37013E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{BB844F42-EC53-49B1-9111-690D814C8331} folder moved successfully.
C:\Users\Irochka\AppData\Local\{BC37EC46-4673-4597-B516-979AFD5B703F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C03D658D-12F4-4BB7-9709-62A61BCD6B96} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C14E8D71-20D1-4081-A8D7-2781F0ACC326} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C2095213-BC98-4CE8-856A-7340764F7251} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C29AF046-3C6D-4DDC-8021-27E1503A1E69} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C2AF138F-CAE5-4933-9F30-881F51058B67} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C3955963-7857-422D-A8FA-3708D7964DB5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C3D8EFAB-6121-4BA7-95B3-EBD0B1B8CF34} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C47308DE-BF5E-4480-8EAC-A6578F029E19} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C499A156-86ED-4687-8A03-76E21FDA4AEB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C4F813B0-D277-414D-BDE5-A96226804088} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C56478FD-5B1A-44A8-9C42-9B9BE505197E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C5978FED-4690-4E45-940E-3AA1943789A2} moved successfully.
C:\Users\Irochka\AppData\Local\{C5E851CD-19A2-4C5C-800D-4039E1E7B689} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C844ADC9-0AFB-4B3A-BB01-35B3D6AA709F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C8BF99C4-0CC2-4EB4-8642-54440E70B0D9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{C99F3346-DF0F-46F0-928A-2DF848C7F099} folder moved successfully.
C:\Users\Irochka\AppData\Local\{CB02E5AC-7D3F-47EC-8B2A-B8C02C7BFB89} folder moved successfully.
C:\Users\Irochka\AppData\Local\{CB8AB60A-2426-4778-BDFF-CB8DDF5658DD} folder moved successfully.
C:\Users\Irochka\AppData\Local\{CC55DAF6-F746-4B80-A829-BD3EE83F3EE6} folder moved successfully.
C:\Users\Irochka\AppData\Local\{CCF4B052-4937-4A0A-BA47-BE4B5F2228BD} folder moved successfully.
C:\Users\Irochka\AppData\Local\{CD23BEB9-0A0D-4870-97CC-1A0BC7912D20} folder moved successfully.
C:\Users\Irochka\AppData\Local\{CD44A026-F016-41E6-94DC-3F41F9A2795D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D060D71C-84AE-4E69-985C-4D1F3E9B2626} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D0766CBE-1EAD-44E9-BA4B-3D03E38FB767} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D090949C-5015-4079-AAB5-9F54456F9E06} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D11EED79-7096-41A9-BD96-BFF12FC2F708} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D124E2C6-AEE8-45C7-A2F0-03C96734E11F} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D2265666-9DDC-4130-ACB7-25335BC387DD} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D2599FA9-1557-471F-A6B1-077530CBACE1} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D44DE64C-37CE-4F9C-B2A7-021E8A0C5784} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D6837829-7181-44D2-A8DC-FC8F0676A2DC} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D739F17B-09BB-4E0F-A7A4-C0A2B8F2EA6E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D87DBE41-0CAB-4B66-A9A5-7A5EC15C2A74} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D90078DF-3B02-4E1B-A697-5799C0139B9A} folder moved successfully.
C:\Users\Irochka\AppData\Local\{D99E59C0-48D7-4D21-9227-58460C982D56} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DA23C93E-9458-4535-8CC4-714B7A08BAF9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DA6421EC-94BB-48A9-AF65-4D6EB0771B07} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DB5DE81D-F1D6-450F-AEE3-608819514874} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DBBDAA37-6625-48B9-8047-5272DF96E093} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DC2602AC-5356-4E75-B97F-D9B6B7F029D3} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DC2977D9-1A74-44B0-8465-5220F23B71E5} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DC905755-D717-4539-B657-DDD672448C1E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DD619905-3F36-47C9-9A3D-3DF13D18A882} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DE096EEA-A5C2-43ED-8211-BB53F4B16BD2} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DE2DF620-514B-4012-8187-A97009909295} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DEA042BF-E40B-406C-B040-6607FC3D7B80} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DEE6B4AE-0B60-47BF-8ABE-DA5F1A25CC0E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{DEEC2E2C-1F73-414A-A6D3-44EC495A7155} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E0546890-425D-4D8D-BA09-8655106000A3} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E05C6E8D-1102-4BF4-A8A9-1589DA68DC03} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E0A396A1-6F19-412E-8B19-12391223BF15} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E19B097C-C7F9-4564-B82C-08F23B137322} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E352D571-8571-427E-AF05-2F332CDFF332} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E665A3F7-531F-42A8-A021-51D738562143} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E7645ABE-C085-4D96-9B0F-CD20AAB47E56} folder moved successfully.
C:\Users\Irochka\AppData\Local\{E9448DF0-47AD-4713-AA6C-91222C91E643} folder moved successfully.
C:\Users\Irochka\AppData\Local\{EF9EA3A3-7790-4DD3-905A-FE4A2963FCBD} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F016064C-BA4B-4E04-880C-429DE2C2B6DB} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F0501164-0FAA-498D-9CBC-43CBE1DAEA12} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F13264F8-9A31-4DE1-AED1-9FFAC1809569} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F18EC208-2809-4988-925C-B48F3F63C476} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F230A904-F4F7-45E2-9338-396B2F8B5024} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F25484FC-843D-442E-B55A-B3E186D7A719} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F26F7446-DC55-4AD7-B413-331852DE9880} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F39BDF3A-C500-4F48-B8BA-EE8431DFB687} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F4512435-6037-4D33-A5B4-BD801DAF246D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F48A502E-3510-491A-989B-FEB5DB9E5F84} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F648086D-CC28-4451-838D-D616D77A8BA9} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F6865246-D30E-4123-8007-F0E567EC09F0} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F6B9AD7D-F2F6-4F28-A82D-5DB4F2852616} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F6E2B6FA-3556-4203-8625-5997973390C7} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F71E4831-011A-4A29-917F-06217C2274AD} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F73737EC-A285-43E2-AB2A-C7B3CF8DF765} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F7C65A17-56AA-440A-A613-B2A67354221D} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F9BB1E5F-92EA-473F-A2CF-8D2346237CFA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{F9F029AF-4942-40D5-BE1D-0E26FD4670F8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FCABE0E5-9CBD-4736-9A39-0235C5E0E05E} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FCC23CE3-1936-4323-9C32-E187CFFF52A3} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FCF5D4A0-8DA2-4F75-A78A-6EE8C1AB8DEA} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FD868519-5251-49CE-9E40-2A6DDD12E968} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FD99901A-FC28-46F7-A379-259C73FB07E8} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FDF86D1A-DBAE-427F-B496-DB8C0DFA57B0} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FE400702-4687-4B51-ADC7-EDD565962603} folder moved successfully.
C:\Users\Irochka\AppData\Local\{FF19C0F4-1F09-4B94-B76B-BA972DBF5865} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Irochka\AppData\Local\Temp\DC3Dx64.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\DivXInstaller.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\DivXSetup.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\msgD26D.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\ose00001.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\OutlookConnector.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\pdf24-creator-update.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\SearchWithGoogleUpdate.exe moved successfully.
C:\Users\Irochka\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Irochka\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Irochka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Irochka\Desktop\cmd.bat deleted successfully.
C:\Users\Irochka\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Irochka
->Temp folder emptied: 1592549215 bytes
->Temporary Internet Files folder emptied: 2161659722 bytes
->FireFox cache emptied: 183877570 bytes
->Google Chrome cache emptied: 6452670 bytes
->Flash cache emptied: 90423 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 713375579 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36130192 bytes
RecycleBin emptied: 188264847 bytes
Total Files Cleaned = 4.656,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 08292012_132104
Files\Folders moved on Reboot...
C:\Users\Irochka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
29.08.2012, 18:59
| #4 |
| /// Helfer-Team | Trojaner Trojan.Ransom.FGen entfernen Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
03.09.2012, 07:15
| #5 |
| | Trojaner Trojan.Ransom.FGen entfernen Vielen vielen Dank, äußerlich läuft er einwandfrei! Unten noch der Scan vom letzten Malwarebytes-Scan. Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.31.06 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Irochka :: IROCHKA-VAIO [Administrator] 31.08.2012 12:34:33 mbam-log-2012-08-31 (12-34-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 364431 Laufzeit: 1 Stunde(n), 37 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\_OTL\MovedFiles\08292012_132104\C_Users\Irochka\AppData\Local\Microsoft\Windows\4891\sdchange.exe (Trojan.Zbot.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielen Dank, Andreas |
|
03.09.2012, 20:12
| #6 |
| /// Helfer-Team | Trojaner Trojan.Ransom.FGen entfernen Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> Trojaner Trojan.Ransom.FGen entfernen |
|
24.10.2012, 08:43
| #7 |
| /// Helfer-Team | Trojaner Trojan.Ransom.FGen entfernen Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Trojaner Trojan.Ransom.FGen entfernen |
| autorun, bho, bildschirm, bonjour, computer, document, entfernen, error, failed, firefox, flash player, format, gesperrt, home, install.exe, logfile, object, office 2007, officejet, plug-in, realtek, registry, rundll, security, senden, server, software, svchost.exe, symantec, trojan.ransom.fgen, trojaner |
Linear-Darstellung
