Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner / Infizierung / Logfiles

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 14.10.2012, 13:55   #1
MichaelHH
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Moin zusammen,
auch mich hat es leider erwischt.
Der Kaspersky Windowsunlocker hatte leider keinen Erfolg.
Nun habe ich die Schritte des folgenden Posts abgearbeitet:
http://www.trojaner-board.de/69886-a...-beachten.html

Im Anhang die Logfiles...hoffentlich vollständig und mit allen benötigten Daten.

Für Eure Hilfe schon einmal vielen Dank im voraus!!

Viele Grüße,
Michael

Alt 14.10.2012, 20:46   #2
DerJazzer
/// Malwareteam
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld
__________________

__________________

Alt 15.10.2012, 13:56   #3
DerJazzer
/// Malwareteam
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Hallo und

Ich bin Christoph und möchte dir bei deinem Problem helfen.
Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (Posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software außer Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen außer ich fordere Dich dazu auf. Erschwert mir nämlich das Auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein PC clean ist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Schritt 1
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Bitte poste in deiner nächsten Antwort
  • Combofix.txt
__________________
__________________

Alt 15.10.2012, 14:38   #4
MichaelHH
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Moin Christoph,

vielen Dank für die Hilfe!!
ComboFix ist erflogreich durchgelaufen.
Hier der Inhalt der ComboFix.txt

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-14.03 - Horst 15.10.2012  15:12:18.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.49.1031.18.1790.872 [GMT 2:00]
ausgeführt von:: c:\users\Horst\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\87_fg.pad
c:\users\Horst\Babylon7_setup_eng_ger_eng.exe
c:\windows\IsUn0407.exe
c:\windows\system32\SET8DE9.tmp
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-15 bis 2012-10-15  ))))))))))))))))))))))))))))))
.
.
2012-10-15 13:19 . 2012-10-15 13:24	--------	d-----w-	c:\users\Horst\AppData\Local\temp
2012-10-15 13:19 . 2012-10-15 13:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-14 10:28 . 2012-10-14 10:28	--------	d-----w-	c:\users\Horst\AppData\Roaming\Malwarebytes
2012-10-14 10:08 . 2012-10-14 10:08	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-14 10:08 . 2012-10-14 10:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-14 10:08 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-12 14:42 . 2012-10-12 14:42	--------	d-----w-	C:\found.000
2012-10-03 12:07 . 2012-10-03 12:07	--------	d-----w-	c:\program files\SiteRanker
2012-10-03 12:05 . 2012-10-03 12:05	--------	d-----w-	c:\program files\Inbox Toolbar
2012-10-01 07:23 . 2012-10-01 07:23	--------	d-----w-	c:\windows\Sun
2012-10-01 07:23 . 2012-10-01 07:23	--------	d-----w-	c:\users\Horst\AppData\Roaming\Haufe
2012-10-01 07:23 . 2012-10-01 07:23	--------	d-----w-	c:\users\Horst\AppData\Local\Haufe
2012-10-01 07:16 . 2012-10-01 07:18	--------	d-----w-	c:\programdata\Lexware
2012-10-01 07:16 . 2012-10-01 07:16	--------	d-----w-	c:\programdata\BTrieve
2012-10-01 07:16 . 2012-10-01 07:16	--------	d-----w-	c:\program files\Lexware
2012-10-01 07:14 . 2012-10-01 07:14	86016	----a-r-	c:\users\Horst\AppData\Roaming\Microsoft\Installer\{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}\ARPPRODUCTICON.exe
2012-10-01 07:13 . 2012-10-01 07:13	--------	d-----w-	c:\program files\Haufe
2012-10-01 07:13 . 2012-10-01 07:13	--------	d-----w-	c:\programdata\Haufe
2012-10-01 07:13 . 2007-07-12 00:22	69632	----a-w-	c:\windows\system32\javacpl.cpl
2012-10-01 07:12 . 2012-10-01 07:13	--------	d-----w-	c:\program files\Java
2012-10-01 07:12 . 2012-10-01 07:12	--------	d-----w-	c:\program files\Common Files\Java
2012-10-01 07:06 . 2012-10-01 07:06	--------	d-----w-	c:\program files\Microsoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:17 . 2012-10-09 08:42	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FDF7213-4007-44CA-9CF8-D438BB622116}\mpengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-09-04 06:15	343296	----a-w-	c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37	221184	----a-w-	c:\program files\Family Toolbar\mhxpcomi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"S3Trayp"="S3trayp.exe" [2006-12-15 176128]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-01-02 471040]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2007-12-21 791392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TrayServer"="c:\progra~1\MAGIX\FILME_~1\TrayServer.exe" [2008-01-17 90112]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"InboxToolbar"="c:\program files\Inbox Toolbar\Inbox.exe" [2012-09-20 1661144]
"SiteRanker"="c:\program files\SiteRanker\SiteRankTray.exe" [2012-09-04 320000]
.
c:\users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lotus Organizer EasyClip.lnk - c:\program files\lotus\organize\easyclip6.exe [1999-9-15 229432]
PC sync Quick Data Copy.lnk - c:\pcsync\QDCTRAY.EXE [2007-9-16 28672]
PMB Medien-Prüfung.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-7-6 333088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Photo Loader resident.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2007-9-16 217088]
Telefonauskunft für den PC 2005 - Schnellstarter.lnk - c:\program files\Telefonauskunft für den PC\Telefonauskunft für den PC 2005\KSTART32.EXE [2007-9-16 437760]
wissen.de kit.lnk - c:\program files\connex software GmbH\wissen.de kit\kit.exe [2008-11-1 1960960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 06:27	570664	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-10 19:04	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2310108276-4256975300-3386034454-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [x]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-12 17:34]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 18:01]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 18:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: wissen.de kit - c:\progra~1\CONNEX~1\WISSEN~1.DEK\kit.htm
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\lotus\organize\bandobjs.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Device Detection - c:\program files\Lidl_Fotos\dd.exe
AddRemove-AGFINSTALL - c:\windows\agfclean
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-15 15:28
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1???????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\s3trayp.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-15  15:33:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-15 13:33
.
Vor Suchlauf: 15 Verzeichnis(se), 12.319.088.640 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 14.691.020.800 Bytes frei
.
- - End Of File - - 4DB9D029EAAA13AB1CE72E3856FEB797
         
--- --- ---


Liest sich ja nicht so sooo schlecht, aber ich bin gespannt was Du sagst...

Danke und Gruß,
Michael

Alt 15.10.2012, 15:42   #5
DerJazzer
/// Malwareteam
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Hi Michael

sieht gut aus, sind aber noch Reste übrig.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=dword:0x1

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2310108276-4256975300-3386034454-1000]
"EnableNotifications" =dword:0x1

:Commands
[emptytemp]
         
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2

Malwarebytes
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter "Log Dateien" finden.


Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.


Bitte poste in deiner nächsten Antwort
  • OTL-Fixlog
  • Malwarebytes-Log
  • Eset-log
  • OTL.txt & Extras.txt

__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

Wenn du uns unterstützen möchtest | http://www.anaesthesist-werden.de/

Alt 16.10.2012, 07:05   #6
MichaelHH
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Moin Christoph,

ales klar...hat geklappt...auf in die nächste Runde ;-)

Ich mußte die Dateien wieder als Archiv anhängen.
ESET hat nichts gefunden, daher wurde mir kein Report angeboten(screenshot mit im Arschiv).

Was meinst Du?
Tausend Dank und viele Grüße,
Michael

Alt 16.10.2012, 15:32   #7
DerJazzer
/// Malwareteam
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Hi Michael

Du hast auf deinem System seit längerer Zeit keine Updates eingespielt, das müssen wir jetzt nachholen.

Schritt 1
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.


Schritt 2
  • Gehe sicher, dass Windows verfügbare Updates automatisch installiert: Klicke auf Start -> Systemsteuerung -> System und Sicherheit -> Automatische Updates aktivieren oder deaktivieren
  • Vergewissere dich, dass unter Wichtige Updates die Option Updates automatisch installieren (empfohlen) aktiviert und unter Empfohlene Updates der Haken bei Empfohlene Updates auf die gleiche Weise wie wichtige Updates bereitstellen gesetzt ist.

Installiere alle angebotenen Updates.



Schritt 3

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunterladen.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Schritt 5

Adobe-Reader-Update
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader
    Start--> Systemsteuerung--> Software--> Adobe Reader
    und lade dir die neue Version von Hier herunter-
    Entferne den Haken für den McAfee SecurityScan bzw. Google Chrome.


Schritt 6
  • Deinstalliere bitte deine aktuelle Version vom Adobe FlashPlayer
    Start--> Systemsteuerung--> Software--> Adobe Flashplayer (Activex)
    und lade dir die neue Version von Hier herunter-
    Entferne den Haken für den McAfee SecurityScan bzw. Google Chrome.


Schritt 7

Deine Version von Avira ist veraltet.
  • Bitte downloade dir von hier die aktuelle Version.
  • Bitte gehe zu Start --> Systemsteuerung --> Software und deinstalliere die folgende Software:
    Code:
    ATTFilter
    Avira AntiVir Personal - Free Antivirus
             
    Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden oder nicht deinstallieren kannst.
  • Downloade dir jetzt den Avira-RegistryCleaner und führe ihn aus. Lasse alle gefundenen Schlüssel löschen und stimme dem geforderten Neustart zu.
  • Installiere jetzt die neue Version von Avira, die du gerade heruntergeladen hast.
    Alternativ, downloade und Installiere Dir eines der folgenden AVPs.


Schritt 8

Starte bitte die OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.


Bitte poste in deiner nächsten Antwort
  • AdwCleaner[S1].txt
  • OTL.txt & Extras.txt
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

Wenn du uns unterstützen möchtest | http://www.anaesthesist-werden.de/

Alt 17.10.2012, 22:01   #8
MichaelHH
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Moin Christoph,

ich sollte wohl wirklich mehr auf die Updates achten :-/
Die Schritte wurden alle befolgt...Logs im Anhang.

DANKE...mal wieder...!

Viele Grüße,
Michael

Alt 18.10.2012, 17:41   #9
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Hi,

ich übernehme ab hier, da DerJazzer sehr beschäftigt ist im Moment.

Bitte poste die Logfiles in den Thread, nicht anhängen, und teile mir mit ob Du noch Probleme hast.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.10.2012, 17:56   #10
MichaelHH
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Moin schrauber,

es sind zu viele Zeichen um es in Threads zu verpacken, daher habe ich dem Forum-Hinweis folge geleistet...

Zitat:
Der Text, den Sie eingegeben haben, besteht aus 164780 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen.

Logs bitte als Archiv an den Beitrag anhängen!

Die OTL alleine hat schon über 120.000 Zeichen.
Probleme gibt es keine mehr. Scheint alles hervorragend geklappt zu haben.

Sorry für die Umstände!

Danke und Gruß,
Michael

Alt 18.10.2012, 18:03   #11
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Adwcleaner öffnen > uninstall

Dann AdwCleaner neu laden und suchen lassen, danach löschen lassen. Dann bitte ein frisches OTL logfile, einfach Quick scan klicken.

Die 3 Logfiles sollten klein genug sein um sie einzeln im Thread zu posten
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.10.2012, 17:21   #12
MichaelHH
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Moin schrauber,

OK...also bei Quickscan bekomme ich keine Extras.txt.
Daher habe ich auch noch mal einen "Scan" durchgeführt.
Die OTL Dateien sind bei beiden Scans (Quickscan und "normaler" Scan) über 120.000 Zeichen lang und können hier nicht gepostet werden.
Daher leider erneut als Anhang.

Hier die AdwCleaner[S1]
Zitat:
# AdwCleaner v2.005 - Datei am 19/10/2012 um 17:18:00 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic (32 bits)
# Benutzer : Horst - HORST-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Horst\Desktop\adwcleaner2.005.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\Horst\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Horst\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Horst\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.17037

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [4055 octets] - [19/10/2012 17:16:45]
AdwCleaner[S1].txt - [3697 octets] - [19/10/2012 17:18:00]

########## EOF - C:\AdwCleaner[S1].txt - [3757 octets] ##########
Hier die Extras aus dem normalen Scan:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.10.2012 17:51:02 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Horst\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 53,87% Memory free
3,72 Gb Paging File | 2,65 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 12,68 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 3,31 Gb Free Space | 7,34% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2310108276-4256975300-3386034454-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10C7E70B-4D7F-4F0D-8D5A-4FF143EF0023}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{136F02DF-44FF-458C-B9C5-E1D34AA8B051}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{207AC436-3E0B-4EC1-B529-917287767E4B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2C0DC0BA-865A-445D-8606-832127A6ABE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3256CA43-A42E-4F7F-9DFB-52A599568045}" = lport=139 | protocol=6 | dir=in | app=system | 
"{389A5095-21DC-4563-BED1-399354272F2F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{47DB4AC4-1418-49F7-AFF5-2A1CF1530634}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4E6ECF93-BA1D-4E61-B29E-90BB90C89F27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{663E2054-B099-4181-A3B9-4B82A0D19C4E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{74372E62-A8B1-4BA3-93D1-86B9D1559A74}" = lport=138 | protocol=17 | dir=in | app=system | 
"{75C3BDEF-1BD5-444E-82D3-CCE86CC920F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77B880A8-78F3-49AB-8A5A-02E493E41D95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{85E808D3-9219-4919-982A-12C03C399428}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{872B5F1A-2402-432A-8F74-29ED58CE2DB4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8C781EB5-9DDF-4ED1-8358-C0C4A382A48E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{93F1F60D-C07D-4AFE-872D-DE65F52E8D32}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{983A6196-3E0C-4462-BE32-B362D93E9FC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99421341-2B29-4E41-BAAD-437887420EC6}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{A3E121A6-3CBE-46C3-AE32-9EDE18819E39}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C94ABF4F-EA09-4222-AEC6-34C058867D2B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D0AB2CD9-A2B9-4CC4-8F8E-2A4CCE13FF56}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D5BE0BE1-16B8-4AA4-B0D3-6C312D5FEF72}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027E35D7-0BCA-4BF2-B43E-85DDFD03D92A}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{07700AEE-EB31-4550-B4ED-AA5C229F9DA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C6E81AE-36E5-47F2-AB5E-D302EEDDCDEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0D20E043-5BB3-4A9A-90F8-6B9024E338C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{13083BD2-3F1B-42BD-A8D0-50130AEA8945}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1899F855-A2EC-485A-ADFA-692A9EC83960}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1C2BB0F8-C11F-49C4-9AEF-0AF086E46DC5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{384E067B-B1C7-4C48-A025-D6FD3DAC032C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3A55F86D-85D5-4986-A0B8-C02596BDD503}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CC8C4CF-C735-4844-BBB3-FFD197503011}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85FA4783-3136-44BD-9964-88B804BC2703}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF841E7F-408F-4D30-AF26-F7996834F831}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{AFF4F0B3-7E9B-40AC-A03C-624EA3A2FFF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B611791C-CBA3-465C-8552-E71D68B47463}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C253BA6B-707A-43ED-BD30-0A3FA5364535}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C3D6C123-5488-481D-A6BB-529BD58EAB22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D7D9F724-51A3-42A1-AB5E-506F254C1366}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E142854F-5C50-4481-8397-A119D2DB719B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F614FC4D-D83E-4868-80BB-6CF243A5E8D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8C4492B-B9F1-42D6-AA2C-22809782CA84}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC52C706-5A6F-4474-837B-1DE5EB81817E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FCE10908-2060-4265-9090-E595F9225406}" = protocol=6 | dir=out | app=system | 
"TCP Query User{198ABA51-EB49-42DC-8364-09C30C4F35C9}C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tools\ctimon.exe | 
"TCP Query User{2EE123D1-25B4-4437-AC2F-BC9A7366A126}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{2F00680E-4414-42E4-9D11-DB19AC114DFB}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"TCP Query User{3DC7CFA3-E51D-4C57-B87F-D03F5164E4DB}C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe | 
"TCP Query User{7695D138-E459-4709-B9B9-E2AE676D4569}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A12C9B40-B011-49A7-899A-AC931EA4C889}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"TCP Query User{D502EE73-8DAB-411F-BEA0-77312D687BE0}C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe" = protocol=6 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe | 
"TCP Query User{E9372A0E-9DEA-4121-A6B7-D73A1BCE6B18}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{0338947E-5D85-4B21-85E1-D71E5E742075}C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe | 
"UDP Query User{126A0E04-BEF2-4A5A-994C-60E83C9BE595}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3E074027-3757-4C22-8F73-3EF19BC187B8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8AC6773D-4BE8-4069-A768-ED85AC594CEE}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{8B84909F-FFE3-4EA1-A523-A4DB5B5CE3DB}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe | 
"UDP Query User{D5A4D89D-502B-4391-B1A5-1FF1B1E531EE}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{D805E500-F854-44E2-890E-61EB9938CB19}C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe | 
"UDP Query User{E6118DB0-89D8-4DCE-AC58-5E5914B5DF22}C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe" = protocol=17 | dir=in | app=c:\program files\agfeo\tk-suite-basic\tools\ctimon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""TopWare Print-Studio"" = "TopWare Print-Studio"
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{043671DC-DE3A-4A5B-B7A2-34F7DF6F5523}" = Haufe iDesk-Browser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{09B7AB90-B6F6-4D33-9E0E-3F8056EE8DF0}" = 4200_Help
"{0C419DF8-74EE-4491-BDE5-409642047D46}" = Telefonauskunft für den PC
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FE6C844-4243-4F5B-BC5B-E8B4C3450946}" = USB CASIO Digital Camera Device Driver
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0G
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C5B3B2-E935-441F-9D3A-0B331E1FE4B9}" = HOT ALBUM MYBOX
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.2G
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91065458-A5CF-474C-9160-B44B974B3C25}" = MAGIX USB-Videowandler 2
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3E9492-87F0-4D08-B054-2596F738AB35}" = 4200Trb
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A4E86B6A-6EEC-41FD-8960-26947F0E3353}" = Haufe iDesk-Service
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE4FBF52-6825-4C31-8C7A-B12FA71A1583}" = 4200
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AGFEO TK-Soft 32" = AGFEO TK-Soft 32
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Family Toolbar" = Family Toolbar
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Updater" = Google Updater
"GPS Photo Tagger_TSI" = GPS Photo Tagger V1.2.3.h10
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{57C5B3B2-E935-441F-9D3A-0B331E1FE4B9}" = HOT ALBUM MYBOX
"InstallShield_{91065458-A5CF-474C-9160-B44B974B3C25}" = MAGIX USB-Videowandler 2
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"KlickTel98" = KlickTel ´98 32-Bit
"MAGIX Filme auf DVD 8 D" = MAGIX Filme auf DVD 8 8.0.0.11 (D)
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.2
"MAGIX Music Cleaning Lab 2008 deluxe D" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.0.0 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nokia Ovi Suite" = Nokia Ovi Suite
"Organizer V99.1" = Lotus Organizer 6.0
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"TVEpaDrv" = MAGIXUSB-Videowandler 2 Device Driver
"verwandt.de - Home Edition_is1" = verwandt.de - Home Edition 1.02
"VIA Chrome9 HC IGP Windows Vista Display" = VIA Chrome9 HC IGP Windows Vista Display
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WinRAR archiver" = WinRAR
"wissen.de kit" = wissen.de kit
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 03:42:29 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.17037, Zeitstempel
 0x4b9658a0, fehlerhaftes Modul AviraCallingIDhelper.dll, Version 1.0.0.1, Zeitstempel
 0x503567b5, Ausnahmecode 0xc0000096, Fehleroffset 0x0001ccf8,  Prozess-ID 0xe7c, 
Anwendungsstartzeit 01cdad041569293e.
 
Error - 18.10.2012 03:43:51 | Computer Name = Horst-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6000.17037, Zeitstempel
 0x4b9658a0, fehlerhaftes Modul AviraCallingIDhelper.dll, Version 1.0.0.1, Zeitstempel
 0x503567b5, Ausnahmecode 0xc0000096, Fehleroffset 0x0001ccf8,  Prozess-ID 0xe9c, 
Anwendungsstartzeit 01cdad04297a281a.
 
Error - 18.10.2012 03:53:47 | Computer Name = Horst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.10.2012 03:55:55 | Computer Name = Horst-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 18.10.2012 05:41:50 | Computer Name = Horst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.10.2012 05:43:38 | Computer Name = Horst-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 19.10.2012 11:07:40 | Computer Name = Horst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.10.2012 11:10:00 | Computer Name = Horst-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 19.10.2012 11:28:38 | Computer Name = Horst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.10.2012 11:31:14 | Computer Name = Horst-PC | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 17.10.2012 16:13:26 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 17.10.2012 16:24:34 | Computer Name = Horst-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.10.2012 05:39:02 | Computer Name = Horst-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.120 für die Netzwerkkarte mit der Netzwerkadresse
 00140B3493DE wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 18.10.2012 05:39:06 | Computer Name = Horst-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker HP Officejet 4200 series fax nicht
 unter dem Namen HP Officejet 4200 series fax freigeben. Fehler: 2114. Der Drucker
 kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 18.10.2012 05:39:06 | Computer Name = Horst-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker HP Officejet 4200 series (Neu)
 nicht unter dem Namen HP Officejet 4200 series (Neu) freigeben. Fehler: 2114. Der
 Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 19.10.2012 11:06:54 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.10.2012 11:07:26 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 19.10.2012 11:25:08 | Computer Name = Horst-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 19.10.2012 11:28:03 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.10.2012 11:28:34 | Computer Name = Horst-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---


Wie gesagt...die Dateien sind leider zu lang. :-(
Sorry!

Viele Grüße,
Michael

Alt 19.10.2012, 19:06   #13
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
:files
C:\Users\Horst\*.IDX
:Commands
[emptytemp]
         
[list][*]und füge es hier ein: [*] Schließe alle Programme.[*] Klicke auf den Fix Button.[*] Klick auf .[*] OTL verlangt einen Neustart. Bitte zulassen.[*] Nach dem Neustart findest Du ein Textdokument.
/list]
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.10.2012, 08:32   #14
MichaelHH
 
GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Moin schrauber,

ok, ohne Probleme durchgelaufen...hier die Log-Datei.
Zitat:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Users\Horst\CA00.IDX moved successfully.
C:\Users\Horst\CA01.IDX moved successfully.
C:\Users\Horst\CA02.IDX moved successfully.
C:\Users\Horst\CA03.IDX moved successfully.
C:\Users\Horst\CA04.IDX moved successfully.
C:\Users\Horst\CA05.IDX moved successfully.
C:\Users\Horst\CA06.IDX moved successfully.
C:\Users\Horst\CA07.IDX moved successfully.
C:\Users\Horst\CA08.IDX moved successfully.
C:\Users\Horst\CA09.IDX moved successfully.
C:\Users\Horst\CA0A.IDX moved successfully.
C:\Users\Horst\CA0B.IDX moved successfully.
C:\Users\Horst\CA0C.IDX moved successfully.
C:\Users\Horst\CA0D.IDX moved successfully.
C:\Users\Horst\CA0E.IDX moved successfully.
C:\Users\Horst\CA0F.IDX moved successfully.
C:\Users\Horst\CA10.IDX moved successfully.
C:\Users\Horst\CA11.IDX moved successfully.
C:\Users\Horst\CA12.IDX moved successfully.
C:\Users\Horst\CA13.IDX moved successfully.
C:\Users\Horst\CA14.IDX moved successfully.
C:\Users\Horst\CA15.IDX moved successfully.
C:\Users\Horst\CA16.IDX moved successfully.
C:\Users\Horst\CA17.IDX moved successfully.
C:\Users\Horst\CA18.IDX moved successfully.
C:\Users\Horst\CA19.IDX moved successfully.
C:\Users\Horst\CA1A.IDX moved successfully.
C:\Users\Horst\CA1B.IDX moved successfully.
C:\Users\Horst\CA1C.IDX moved successfully.
C:\Users\Horst\CA1D.IDX moved successfully.
C:\Users\Horst\CA1E.IDX moved successfully.
C:\Users\Horst\CA1F.IDX moved successfully.
C:\Users\Horst\CA20.IDX moved successfully.
C:\Users\Horst\CA21.IDX moved successfully.
C:\Users\Horst\CA22.IDX moved successfully.
C:\Users\Horst\CA23.IDX moved successfully.
C:\Users\Horst\CA24.IDX moved successfully.
C:\Users\Horst\CA25.IDX moved successfully.
C:\Users\Horst\CA26.IDX moved successfully.
C:\Users\Horst\CA27.IDX moved successfully.
C:\Users\Horst\CA28.IDX moved successfully.
C:\Users\Horst\CA29.IDX moved successfully.
C:\Users\Horst\CA2A.IDX moved successfully.
C:\Users\Horst\CA2B.IDX moved successfully.
C:\Users\Horst\CA2C.IDX moved successfully.
C:\Users\Horst\CA2D.IDX moved successfully.
C:\Users\Horst\CA2E.IDX moved successfully.
C:\Users\Horst\CA2F.IDX moved successfully.
C:\Users\Horst\CA30.IDX moved successfully.
C:\Users\Horst\CA31.IDX moved successfully.
C:\Users\Horst\CA32.IDX moved successfully.
C:\Users\Horst\CA33.IDX moved successfully.
C:\Users\Horst\CA34.IDX moved successfully.
C:\Users\Horst\CA35.IDX moved successfully.
C:\Users\Horst\CA36.IDX moved successfully.
C:\Users\Horst\CA37.IDX moved successfully.
C:\Users\Horst\CA38.IDX moved successfully.
C:\Users\Horst\CA39.IDX moved successfully.
C:\Users\Horst\CA3A.IDX moved successfully.
C:\Users\Horst\CA3B.IDX moved successfully.
C:\Users\Horst\CA3C.IDX moved successfully.
C:\Users\Horst\CA3D.IDX moved successfully.
C:\Users\Horst\CA3E.IDX moved successfully.
C:\Users\Horst\CA3F.IDX moved successfully.
C:\Users\Horst\CA40.IDX moved successfully.
C:\Users\Horst\CA41.IDX moved successfully.
C:\Users\Horst\CA42.IDX moved successfully.
C:\Users\Horst\CA43.IDX moved successfully.
C:\Users\Horst\CA44.IDX moved successfully.
C:\Users\Horst\CA45.IDX moved successfully.
C:\Users\Horst\CA46.IDX moved successfully.
C:\Users\Horst\CA47.IDX moved successfully.
C:\Users\Horst\CA48.IDX moved successfully.
C:\Users\Horst\CA49.IDX moved successfully.
C:\Users\Horst\CA4A.IDX moved successfully.
C:\Users\Horst\CA4B.IDX moved successfully.
C:\Users\Horst\CA4C.IDX moved successfully.
C:\Users\Horst\CA4D.IDX moved successfully.
C:\Users\Horst\CA4E.IDX moved successfully.
C:\Users\Horst\CA4F.IDX moved successfully.
C:\Users\Horst\CA50.IDX moved successfully.
C:\Users\Horst\CA51.IDX moved successfully.
C:\Users\Horst\CA52.IDX moved successfully.
C:\Users\Horst\CA53.IDX moved successfully.
C:\Users\Horst\CA54.IDX moved successfully.
C:\Users\Horst\CA55.IDX moved successfully.
C:\Users\Horst\CA56.IDX moved successfully.
C:\Users\Horst\CA57.IDX moved successfully.
C:\Users\Horst\CA58.IDX moved successfully.
C:\Users\Horst\CA59.IDX moved successfully.
C:\Users\Horst\CA5A.IDX moved successfully.
C:\Users\Horst\CA5B.IDX moved successfully.
C:\Users\Horst\CA5C.IDX moved successfully.
C:\Users\Horst\CA5D.IDX moved successfully.
C:\Users\Horst\CA5E.IDX moved successfully.
C:\Users\Horst\CA5F.IDX moved successfully.
C:\Users\Horst\CA60.IDX moved successfully.
C:\Users\Horst\CA61.IDX moved successfully.
C:\Users\Horst\CA62.IDX moved successfully.
C:\Users\Horst\CA63.IDX moved successfully.
C:\Users\Horst\CA64.IDX moved successfully.
C:\Users\Horst\CA65.IDX moved successfully.
C:\Users\Horst\CA66.IDX moved successfully.
C:\Users\Horst\CA67.IDX moved successfully.
C:\Users\Horst\CA68.IDX moved successfully.
C:\Users\Horst\CA69.IDX moved successfully.
C:\Users\Horst\CA6A.IDX moved successfully.
C:\Users\Horst\CA6B.IDX moved successfully.
C:\Users\Horst\CA6C.IDX moved successfully.
C:\Users\Horst\CA6D.IDX moved successfully.
C:\Users\Horst\CA6E.IDX moved successfully.
C:\Users\Horst\CA6F.IDX moved successfully.
C:\Users\Horst\CA70.IDX moved successfully.
C:\Users\Horst\CA71.IDX moved successfully.
C:\Users\Horst\CA72.IDX moved successfully.
C:\Users\Horst\CA73.IDX moved successfully.
C:\Users\Horst\CA74.IDX moved successfully.
C:\Users\Horst\CA75.IDX moved successfully.
C:\Users\Horst\CA76.IDX moved successfully.
C:\Users\Horst\CA77.IDX moved successfully.
C:\Users\Horst\CA78.IDX moved successfully.
C:\Users\Horst\CA79.IDX moved successfully.
C:\Users\Horst\CA7A.IDX moved successfully.
C:\Users\Horst\CA7B.IDX moved successfully.
C:\Users\Horst\CA7C.IDX moved successfully.
C:\Users\Horst\CA7D.IDX moved successfully.
C:\Users\Horst\CA7E.IDX moved successfully.
C:\Users\Horst\CA7F.IDX moved successfully.
C:\Users\Horst\CA80.IDX moved successfully.
C:\Users\Horst\CA81.IDX moved successfully.
C:\Users\Horst\CA82.IDX moved successfully.
C:\Users\Horst\CA83.IDX moved successfully.
C:\Users\Horst\CA84.IDX moved successfully.
C:\Users\Horst\CA85.IDX moved successfully.
C:\Users\Horst\CA86.IDX moved successfully.
C:\Users\Horst\CA87.IDX moved successfully.
C:\Users\Horst\CA88.IDX moved successfully.
C:\Users\Horst\CA89.IDX moved successfully.
C:\Users\Horst\CA8A.IDX moved successfully.
C:\Users\Horst\CA8B.IDX moved successfully.
C:\Users\Horst\CA8C.IDX moved successfully.
C:\Users\Horst\CA8D.IDX moved successfully.
C:\Users\Horst\CA8E.IDX moved successfully.
C:\Users\Horst\CA8F.IDX moved successfully.
C:\Users\Horst\CA90.IDX moved successfully.
C:\Users\Horst\CA91.IDX moved successfully.
C:\Users\Horst\CA92.IDX moved successfully.
C:\Users\Horst\CA93.IDX moved successfully.
C:\Users\Horst\CA94.IDX moved successfully.
C:\Users\Horst\CA95.IDX moved successfully.
C:\Users\Horst\CA96.IDX moved successfully.
C:\Users\Horst\CA97.IDX moved successfully.
C:\Users\Horst\CA98.IDX moved successfully.
C:\Users\Horst\CA99.IDX moved successfully.
C:\Users\Horst\CA9A.IDX moved successfully.
C:\Users\Horst\CA9B.IDX moved successfully.
C:\Users\Horst\CA9C.IDX moved successfully.
C:\Users\Horst\CA9D.IDX moved successfully.
C:\Users\Horst\CA9E.IDX moved successfully.
C:\Users\Horst\CA9F.IDX moved successfully.
C:\Users\Horst\CAA0.IDX moved successfully.
C:\Users\Horst\CAA1.IDX moved successfully.
C:\Users\Horst\CAA2.IDX moved successfully.
C:\Users\Horst\CAA3.IDX moved successfully.
C:\Users\Horst\CAA4.IDX moved successfully.
C:\Users\Horst\CAA5.IDX moved successfully.
C:\Users\Horst\CAA6.IDX moved successfully.
C:\Users\Horst\CAA7.IDX moved successfully.
C:\Users\Horst\CAA8.IDX moved successfully.
C:\Users\Horst\CAA9.IDX moved successfully.
C:\Users\Horst\CAAA.IDX moved successfully.
C:\Users\Horst\CAAB.IDX moved successfully.
C:\Users\Horst\CAAC.IDX moved successfully.
C:\Users\Horst\CAAD.IDX moved successfully.
C:\Users\Horst\CAAE.IDX moved successfully.
C:\Users\Horst\CAAF.IDX moved successfully.
C:\Users\Horst\CAB0.IDX moved successfully.
C:\Users\Horst\CAB1.IDX moved successfully.
C:\Users\Horst\CAB2.IDX moved successfully.
C:\Users\Horst\CAB3.IDX moved successfully.
C:\Users\Horst\CAB4.IDX moved successfully.
C:\Users\Horst\CAB5.IDX moved successfully.
C:\Users\Horst\CAB6.IDX moved successfully.
C:\Users\Horst\CAB7.IDX moved successfully.
C:\Users\Horst\CAB8.IDX moved successfully.
C:\Users\Horst\CAB9.IDX moved successfully.
C:\Users\Horst\CABA.IDX moved successfully.
C:\Users\Horst\CABB.IDX moved successfully.
C:\Users\Horst\CABC.IDX moved successfully.
C:\Users\Horst\CABD.IDX moved successfully.
C:\Users\Horst\CABE.IDX moved successfully.
C:\Users\Horst\CABF.IDX moved successfully.
C:\Users\Horst\CAC0.IDX moved successfully.
C:\Users\Horst\CAC1.IDX moved successfully.
C:\Users\Horst\CAC2.IDX moved successfully.
C:\Users\Horst\CAC3.IDX moved successfully.
C:\Users\Horst\CAC4.IDX moved successfully.
C:\Users\Horst\CAC5.IDX moved successfully.
C:\Users\Horst\CAC6.IDX moved successfully.
C:\Users\Horst\CAC7.IDX moved successfully.
C:\Users\Horst\CAC8.IDX moved successfully.
C:\Users\Horst\CAC9.IDX moved successfully.
C:\Users\Horst\CACA.IDX moved successfully.
C:\Users\Horst\CACB.IDX moved successfully.
C:\Users\Horst\CACC.IDX moved successfully.
C:\Users\Horst\CACD.IDX moved successfully.
C:\Users\Horst\CACE.IDX moved successfully.
C:\Users\Horst\CACF.IDX moved successfully.
C:\Users\Horst\CAD0.IDX moved successfully.
C:\Users\Horst\CAD1.IDX moved successfully.
C:\Users\Horst\CAD2.IDX moved successfully.
C:\Users\Horst\CAD3.IDX moved successfully.
C:\Users\Horst\CAD4.IDX moved successfully.
C:\Users\Horst\CAD5.IDX moved successfully.
C:\Users\Horst\CAD6.IDX moved successfully.
C:\Users\Horst\CAD7.IDX moved successfully.
C:\Users\Horst\CAD8.IDX moved successfully.
C:\Users\Horst\CAD9.IDX moved successfully.
C:\Users\Horst\CADA.IDX moved successfully.
C:\Users\Horst\CADB.IDX moved successfully.
C:\Users\Horst\CADC.IDX moved successfully.
C:\Users\Horst\CADD.IDX moved successfully.
C:\Users\Horst\CADE.IDX moved successfully.
C:\Users\Horst\CADF.IDX moved successfully.
C:\Users\Horst\CAE0.IDX moved successfully.
C:\Users\Horst\CAE1.IDX moved successfully.
C:\Users\Horst\CAE2.IDX moved successfully.
C:\Users\Horst\CAE3.IDX moved successfully.
C:\Users\Horst\CAE4.IDX moved successfully.
C:\Users\Horst\CAE5.IDX moved successfully.
C:\Users\Horst\CAE6.IDX moved successfully.
C:\Users\Horst\CAE7.IDX moved successfully.
C:\Users\Horst\CAE8.IDX moved successfully.
C:\Users\Horst\CAE9.IDX moved successfully.
C:\Users\Horst\CAEA.IDX moved successfully.
C:\Users\Horst\CAEB.IDX moved successfully.
C:\Users\Horst\CAEC.IDX moved successfully.
C:\Users\Horst\CAED.IDX moved successfully.
C:\Users\Horst\CAEE.IDX moved successfully.
C:\Users\Horst\CAEF.IDX moved successfully.
C:\Users\Horst\CAF0.IDX moved successfully.
C:\Users\Horst\CAF1.IDX moved successfully.
C:\Users\Horst\CAF2.IDX moved successfully.
C:\Users\Horst\CAF3.IDX moved successfully.
C:\Users\Horst\CAF4.IDX moved successfully.
C:\Users\Horst\CAF5.IDX moved successfully.
C:\Users\Horst\CAF6.IDX moved successfully.
C:\Users\Horst\CAF7.IDX moved successfully.
C:\Users\Horst\CAF8.IDX moved successfully.
C:\Users\Horst\CAF9.IDX moved successfully.
C:\Users\Horst\CAFA.IDX moved successfully.
C:\Users\Horst\CAFB.IDX moved successfully.
C:\Users\Horst\CAFC.IDX moved successfully.
C:\Users\Horst\CAFD.IDX moved successfully.
C:\Users\Horst\CAFE.IDX moved successfully.
C:\Users\Horst\CAFF.IDX moved successfully.
C:\Users\Horst\CAUC.IDX moved successfully.
C:\Users\Horst\CH00.IDX moved successfully.
C:\Users\Horst\CH01.IDX moved successfully.
C:\Users\Horst\CH02.IDX moved successfully.
C:\Users\Horst\CH03.IDX moved successfully.
C:\Users\Horst\CH04.IDX moved successfully.
C:\Users\Horst\CH05.IDX moved successfully.
C:\Users\Horst\CH06.IDX moved successfully.
C:\Users\Horst\CH07.IDX moved successfully.
C:\Users\Horst\CH08.IDX moved successfully.
C:\Users\Horst\CH09.IDX moved successfully.
C:\Users\Horst\CH0A.IDX moved successfully.
C:\Users\Horst\CH0B.IDX moved successfully.
C:\Users\Horst\CH0C.IDX moved successfully.
C:\Users\Horst\CH0D.IDX moved successfully.
C:\Users\Horst\CH0E.IDX moved successfully.
C:\Users\Horst\CH0F.IDX moved successfully.
C:\Users\Horst\CH10.IDX moved successfully.
C:\Users\Horst\CH11.IDX moved successfully.
C:\Users\Horst\CH12.IDX moved successfully.
C:\Users\Horst\CH13.IDX moved successfully.
C:\Users\Horst\CH14.IDX moved successfully.
C:\Users\Horst\CH15.IDX moved successfully.
C:\Users\Horst\CH16.IDX moved successfully.
C:\Users\Horst\CH17.IDX moved successfully.
C:\Users\Horst\CH18.IDX moved successfully.
C:\Users\Horst\CH19.IDX moved successfully.
C:\Users\Horst\CH1A.IDX moved successfully.
C:\Users\Horst\CH1B.IDX moved successfully.
C:\Users\Horst\CH1C.IDX moved successfully.
C:\Users\Horst\CH1D.IDX moved successfully.
C:\Users\Horst\CH1E.IDX moved successfully.
C:\Users\Horst\CH1F.IDX moved successfully.
C:\Users\Horst\CH20.IDX moved successfully.
C:\Users\Horst\CH21.IDX moved successfully.
C:\Users\Horst\CH22.IDX moved successfully.
C:\Users\Horst\CH23.IDX moved successfully.
C:\Users\Horst\CH24.IDX moved successfully.
C:\Users\Horst\CH25.IDX moved successfully.
C:\Users\Horst\CH26.IDX moved successfully.
C:\Users\Horst\CH27.IDX moved successfully.
C:\Users\Horst\CH28.IDX moved successfully.
C:\Users\Horst\CH29.IDX moved successfully.
C:\Users\Horst\CH2A.IDX moved successfully.
C:\Users\Horst\CH2B.IDX moved successfully.
C:\Users\Horst\CH2C.IDX moved successfully.
C:\Users\Horst\CH2D.IDX moved successfully.
C:\Users\Horst\CH2E.IDX moved successfully.
C:\Users\Horst\CH2F.IDX moved successfully.
C:\Users\Horst\CH30.IDX moved successfully.
C:\Users\Horst\CH31.IDX moved successfully.
C:\Users\Horst\CH32.IDX moved successfully.
C:\Users\Horst\CH33.IDX moved successfully.
C:\Users\Horst\CH34.IDX moved successfully.
C:\Users\Horst\CH35.IDX moved successfully.
C:\Users\Horst\CH36.IDX moved successfully.
C:\Users\Horst\CH37.IDX moved successfully.
C:\Users\Horst\CH38.IDX moved successfully.
C:\Users\Horst\CH39.IDX moved successfully.
C:\Users\Horst\CH3A.IDX moved successfully.
C:\Users\Horst\CH3B.IDX moved successfully.
C:\Users\Horst\CH3C.IDX moved successfully.
C:\Users\Horst\CH3D.IDX moved successfully.
C:\Users\Horst\CH3E.IDX moved successfully.
C:\Users\Horst\CH3F.IDX moved successfully.
C:\Users\Horst\CH40.IDX moved successfully.
C:\Users\Horst\CH41.IDX moved successfully.
C:\Users\Horst\CH42.IDX moved successfully.
C:\Users\Horst\CH43.IDX moved successfully.
C:\Users\Horst\CH44.IDX moved successfully.
C:\Users\Horst\CH45.IDX moved successfully.
C:\Users\Horst\CH46.IDX moved successfully.
C:\Users\Horst\CH47.IDX moved successfully.
C:\Users\Horst\CH48.IDX moved successfully.
C:\Users\Horst\CH49.IDX moved successfully.
C:\Users\Horst\CH4A.IDX moved successfully.
C:\Users\Horst\CH4B.IDX moved successfully.
C:\Users\Horst\CH4C.IDX moved successfully.
C:\Users\Horst\CH4D.IDX moved successfully.
C:\Users\Horst\CH4E.IDX moved successfully.
C:\Users\Horst\CH4F.IDX moved successfully.
C:\Users\Horst\CH50.IDX moved successfully.
C:\Users\Horst\CH51.IDX moved successfully.
C:\Users\Horst\CH52.IDX moved successfully.
C:\Users\Horst\CH53.IDX moved successfully.
C:\Users\Horst\CH54.IDX moved successfully.
C:\Users\Horst\CH55.IDX moved successfully.
C:\Users\Horst\CH56.IDX moved successfully.
C:\Users\Horst\CH57.IDX moved successfully.
C:\Users\Horst\CH58.IDX moved successfully.
C:\Users\Horst\CH59.IDX moved successfully.
C:\Users\Horst\CH5A.IDX moved successfully.
C:\Users\Horst\CH5B.IDX moved successfully.
C:\Users\Horst\CH5C.IDX moved successfully.
C:\Users\Horst\CH5D.IDX moved successfully.
C:\Users\Horst\CH5E.IDX moved successfully.
C:\Users\Horst\CH5F.IDX moved successfully.
C:\Users\Horst\CH60.IDX moved successfully.
C:\Users\Horst\CH61.IDX moved successfully.
C:\Users\Horst\CH62.IDX moved successfully.
C:\Users\Horst\CH63.IDX moved successfully.
C:\Users\Horst\CH64.IDX moved successfully.
C:\Users\Horst\CH65.IDX moved successfully.
C:\Users\Horst\CH66.IDX moved successfully.
C:\Users\Horst\CH67.IDX moved successfully.
C:\Users\Horst\CH68.IDX moved successfully.
C:\Users\Horst\CH69.IDX moved successfully.
C:\Users\Horst\CH6A.IDX moved successfully.
C:\Users\Horst\CH6B.IDX moved successfully.
C:\Users\Horst\CH6C.IDX moved successfully.
C:\Users\Horst\CH6D.IDX moved successfully.
C:\Users\Horst\CH6E.IDX moved successfully.
C:\Users\Horst\CH6F.IDX moved successfully.
C:\Users\Horst\CH70.IDX moved successfully.
C:\Users\Horst\CH71.IDX moved successfully.
C:\Users\Horst\CH72.IDX moved successfully.
C:\Users\Horst\CH73.IDX moved successfully.
C:\Users\Horst\CH74.IDX moved successfully.
C:\Users\Horst\CH75.IDX moved successfully.
C:\Users\Horst\CH76.IDX moved successfully.
C:\Users\Horst\CH77.IDX moved successfully.
C:\Users\Horst\CH78.IDX moved successfully.
C:\Users\Horst\CH79.IDX moved successfully.
C:\Users\Horst\CH7A.IDX moved successfully.
C:\Users\Horst\CH7B.IDX moved successfully.
C:\Users\Horst\CH7C.IDX moved successfully.
C:\Users\Horst\CH7D.IDX moved successfully.
C:\Users\Horst\CH7E.IDX moved successfully.
C:\Users\Horst\CH7F.IDX moved successfully.
C:\Users\Horst\CH80.IDX moved successfully.
C:\Users\Horst\CH81.IDX moved successfully.
C:\Users\Horst\CH82.IDX moved successfully.
C:\Users\Horst\CH83.IDX moved successfully.
C:\Users\Horst\CH84.IDX moved successfully.
C:\Users\Horst\CH85.IDX moved successfully.
C:\Users\Horst\CH86.IDX moved successfully.
C:\Users\Horst\CH87.IDX moved successfully.
C:\Users\Horst\CH88.IDX moved successfully.
C:\Users\Horst\CH89.IDX moved successfully.
C:\Users\Horst\CH8A.IDX moved successfully.
C:\Users\Horst\CH8B.IDX moved successfully.
C:\Users\Horst\CH8C.IDX moved successfully.
C:\Users\Horst\CH8D.IDX moved successfully.
C:\Users\Horst\CH8E.IDX moved successfully.
C:\Users\Horst\CH8F.IDX moved successfully.
C:\Users\Horst\CH90.IDX moved successfully.
C:\Users\Horst\CH91.IDX moved successfully.
C:\Users\Horst\CH92.IDX moved successfully.
C:\Users\Horst\CH93.IDX moved successfully.
C:\Users\Horst\CH94.IDX moved successfully.
C:\Users\Horst\CH95.IDX moved successfully.
C:\Users\Horst\CH96.IDX moved successfully.
C:\Users\Horst\CH97.IDX moved successfully.
C:\Users\Horst\CH98.IDX moved successfully.
C:\Users\Horst\CH99.IDX moved successfully.
C:\Users\Horst\CH9A.IDX moved successfully.
C:\Users\Horst\CH9B.IDX moved successfully.
C:\Users\Horst\CH9C.IDX moved successfully.
C:\Users\Horst\CH9D.IDX moved successfully.
C:\Users\Horst\CH9E.IDX moved successfully.
C:\Users\Horst\CH9F.IDX moved successfully.
C:\Users\Horst\CHA0.IDX moved successfully.
C:\Users\Horst\CHA1.IDX moved successfully.
C:\Users\Horst\CHA2.IDX moved successfully.
C:\Users\Horst\CHA3.IDX moved successfully.
C:\Users\Horst\CHA4.IDX moved successfully.
C:\Users\Horst\CHA5.IDX moved successfully.
C:\Users\Horst\CHA6.IDX moved successfully.
C:\Users\Horst\CHA7.IDX moved successfully.
C:\Users\Horst\CHA8.IDX moved successfully.
C:\Users\Horst\CHA9.IDX moved successfully.
C:\Users\Horst\CHAA.IDX moved successfully.
C:\Users\Horst\CHAB.IDX moved successfully.
C:\Users\Horst\CHAC.IDX moved successfully.
C:\Users\Horst\CHAD.IDX moved successfully.
C:\Users\Horst\CHAE.IDX moved successfully.
C:\Users\Horst\CHAF.IDX moved successfully.
C:\Users\Horst\CHB0.IDX moved successfully.
C:\Users\Horst\CHB1.IDX moved successfully.
C:\Users\Horst\CHB2.IDX moved successfully.
C:\Users\Horst\CHB3.IDX moved successfully.
C:\Users\Horst\CHB4.IDX moved successfully.
C:\Users\Horst\CHB5.IDX moved successfully.
C:\Users\Horst\CHB6.IDX moved successfully.
C:\Users\Horst\CHB7.IDX moved successfully.
C:\Users\Horst\CHB8.IDX moved successfully.
C:\Users\Horst\CHB9.IDX moved successfully.
C:\Users\Horst\CHBA.IDX moved successfully.
C:\Users\Horst\CHBB.IDX moved successfully.
C:\Users\Horst\CHBC.IDX moved successfully.
C:\Users\Horst\CHBD.IDX moved successfully.
C:\Users\Horst\CHBE.IDX moved successfully.
C:\Users\Horst\CHBF.IDX moved successfully.
C:\Users\Horst\CHC0.IDX moved successfully.
C:\Users\Horst\CHC1.IDX moved successfully.
C:\Users\Horst\CHC2.IDX moved successfully.
C:\Users\Horst\CHC3.IDX moved successfully.
C:\Users\Horst\CHC4.IDX moved successfully.
C:\Users\Horst\CHC5.IDX moved successfully.
C:\Users\Horst\CHC6.IDX moved successfully.
C:\Users\Horst\CHC7.IDX moved successfully.
C:\Users\Horst\CHC8.IDX moved successfully.
C:\Users\Horst\CHC9.IDX moved successfully.
C:\Users\Horst\CHCA.IDX moved successfully.
C:\Users\Horst\CHCB.IDX moved successfully.
C:\Users\Horst\CHCC.IDX moved successfully.
C:\Users\Horst\CHCD.IDX moved successfully.
C:\Users\Horst\CHCE.IDX moved successfully.
C:\Users\Horst\CHCF.IDX moved successfully.
C:\Users\Horst\CHD0.IDX moved successfully.
C:\Users\Horst\CHD1.IDX moved successfully.
C:\Users\Horst\CHD2.IDX moved successfully.
C:\Users\Horst\CHD3.IDX moved successfully.
C:\Users\Horst\CHD4.IDX moved successfully.
C:\Users\Horst\CHD5.IDX moved successfully.
C:\Users\Horst\CHD6.IDX moved successfully.
C:\Users\Horst\CHD7.IDX moved successfully.
C:\Users\Horst\CHD8.IDX moved successfully.
C:\Users\Horst\CHD9.IDX moved successfully.
C:\Users\Horst\CHDA.IDX moved successfully.
C:\Users\Horst\CHDB.IDX moved successfully.
C:\Users\Horst\CHDC.IDX moved successfully.
C:\Users\Horst\CHDD.IDX moved successfully.
C:\Users\Horst\CHDE.IDX moved successfully.
C:\Users\Horst\CHDF.IDX moved successfully.
C:\Users\Horst\CHE0.IDX moved successfully.
C:\Users\Horst\CHE1.IDX moved successfully.
C:\Users\Horst\CHE2.IDX moved successfully.
C:\Users\Horst\CHE3.IDX moved successfully.
C:\Users\Horst\CHE4.IDX moved successfully.
C:\Users\Horst\CHE5.IDX moved successfully.
C:\Users\Horst\CHE6.IDX moved successfully.
C:\Users\Horst\CHE7.IDX moved successfully.
C:\Users\Horst\CHE8.IDX moved successfully.
C:\Users\Horst\CHE9.IDX moved successfully.
C:\Users\Horst\CHEA.IDX moved successfully.
C:\Users\Horst\CHEB.IDX moved successfully.
C:\Users\Horst\CHEC.IDX moved successfully.
C:\Users\Horst\CHED.IDX moved successfully.
C:\Users\Horst\CHEE.IDX moved successfully.
C:\Users\Horst\CHEF.IDX moved successfully.
C:\Users\Horst\CHF0.IDX moved successfully.
C:\Users\Horst\CHF1.IDX moved successfully.
C:\Users\Horst\CHF2.IDX moved successfully.
C:\Users\Horst\CHF3.IDX moved successfully.
C:\Users\Horst\CHF4.IDX moved successfully.
C:\Users\Horst\CHF5.IDX moved successfully.
C:\Users\Horst\CHF6.IDX moved successfully.
C:\Users\Horst\CHF7.IDX moved successfully.
C:\Users\Horst\CHF8.IDX moved successfully.
C:\Users\Horst\CHF9.IDX moved successfully.
C:\Users\Horst\CHFA.IDX moved successfully.
C:\Users\Horst\CHFB.IDX moved successfully.
C:\Users\Horst\CHFC.IDX moved successfully.
C:\Users\Horst\CHFD.IDX moved successfully.
C:\Users\Horst\CHFE.IDX moved successfully.
C:\Users\Horst\CHFF.IDX moved successfully.
C:\Users\Horst\CT00.IDX moved successfully.
C:\Users\Horst\CT01.IDX moved successfully.
C:\Users\Horst\CT02.IDX moved successfully.
C:\Users\Horst\CT03.IDX moved successfully.
C:\Users\Horst\CT04.IDX moved successfully.
C:\Users\Horst\CT05.IDX moved successfully.
C:\Users\Horst\CT06.IDX moved successfully.
C:\Users\Horst\CT07.IDX moved successfully.
C:\Users\Horst\CT08.IDX moved successfully.
C:\Users\Horst\CT09.IDX moved successfully.
C:\Users\Horst\CT0A.IDX moved successfully.
C:\Users\Horst\CT0B.IDX moved successfully.
C:\Users\Horst\CT0C.IDX moved successfully.
C:\Users\Horst\CT0D.IDX moved successfully.
C:\Users\Horst\CT0E.IDX moved successfully.
C:\Users\Horst\CT0F.IDX moved successfully.
C:\Users\Horst\CT10.IDX moved successfully.
C:\Users\Horst\CT11.IDX moved successfully.
C:\Users\Horst\CT12.IDX moved successfully.
C:\Users\Horst\CT13.IDX moved successfully.
C:\Users\Horst\CT14.IDX moved successfully.
C:\Users\Horst\CT15.IDX moved successfully.
C:\Users\Horst\CT16.IDX moved successfully.
C:\Users\Horst\CT17.IDX moved successfully.
C:\Users\Horst\CT18.IDX moved successfully.
C:\Users\Horst\CT19.IDX moved successfully.
C:\Users\Horst\CT1A.IDX moved successfully.
C:\Users\Horst\CT1B.IDX moved successfully.
C:\Users\Horst\CT1C.IDX moved successfully.
C:\Users\Horst\CT1D.IDX moved successfully.
C:\Users\Horst\CT1E.IDX moved successfully.
C:\Users\Horst\CT1F.IDX moved successfully.
C:\Users\Horst\CT20.IDX moved successfully.
C:\Users\Horst\CT21.IDX moved successfully.
C:\Users\Horst\CT22.IDX moved successfully.
C:\Users\Horst\CT23.IDX moved successfully.
C:\Users\Horst\CT24.IDX moved successfully.
C:\Users\Horst\CT25.IDX moved successfully.
C:\Users\Horst\CT26.IDX moved successfully.
C:\Users\Horst\CT27.IDX moved successfully.
C:\Users\Horst\CT28.IDX moved successfully.
C:\Users\Horst\CT29.IDX moved successfully.
C:\Users\Horst\CT2A.IDX moved successfully.
C:\Users\Horst\CT2B.IDX moved successfully.
C:\Users\Horst\CT2C.IDX moved successfully.
C:\Users\Horst\CT2D.IDX moved successfully.
C:\Users\Horst\CT2E.IDX moved successfully.
C:\Users\Horst\CT2F.IDX moved successfully.
C:\Users\Horst\CT30.IDX moved successfully.
C:\Users\Horst\CT31.IDX moved successfully.
C:\Users\Horst\CT32.IDX moved successfully.
C:\Users\Horst\CT33.IDX moved successfully.
C:\Users\Horst\CT34.IDX moved successfully.
C:\Users\Horst\CT35.IDX moved successfully.
C:\Users\Horst\CT36.IDX moved successfully.
C:\Users\Horst\CT37.IDX moved successfully.
C:\Users\Horst\CT38.IDX moved successfully.
C:\Users\Horst\CT39.IDX moved successfully.
C:\Users\Horst\CT3A.IDX moved successfully.
C:\Users\Horst\CT3B.IDX moved successfully.
C:\Users\Horst\CT3C.IDX moved successfully.
C:\Users\Horst\CT3D.IDX moved successfully.
C:\Users\Horst\CT3E.IDX moved successfully.
C:\Users\Horst\CT3F.IDX moved successfully.
C:\Users\Horst\CT40.IDX moved successfully.
C:\Users\Horst\CT41.IDX moved successfully.
C:\Users\Horst\CT42.IDX moved successfully.
C:\Users\Horst\CT43.IDX moved successfully.
C:\Users\Horst\CT44.IDX moved successfully.
C:\Users\Horst\CT45.IDX moved successfully.
C:\Users\Horst\CT46.IDX moved successfully.
C:\Users\Horst\CT47.IDX moved successfully.
C:\Users\Horst\CT48.IDX moved successfully.
C:\Users\Horst\CT49.IDX moved successfully.
C:\Users\Horst\CT4A.IDX moved successfully.
C:\Users\Horst\CT4B.IDX moved successfully.
C:\Users\Horst\CT4C.IDX moved successfully.
C:\Users\Horst\CT4D.IDX moved successfully.
C:\Users\Horst\CT4E.IDX moved successfully.
C:\Users\Horst\CT4F.IDX moved successfully.
C:\Users\Horst\CT50.IDX moved successfully.
C:\Users\Horst\CT51.IDX moved successfully.
C:\Users\Horst\CT52.IDX moved successfully.
C:\Users\Horst\CT53.IDX moved successfully.
C:\Users\Horst\CT54.IDX moved successfully.
C:\Users\Horst\CT55.IDX moved successfully.
C:\Users\Horst\CT56.IDX moved successfully.
C:\Users\Horst\CT57.IDX moved successfully.
C:\Users\Horst\CT58.IDX moved successfully.
C:\Users\Horst\CT59.IDX moved successfully.
C:\Users\Horst\CT5A.IDX moved successfully.
C:\Users\Horst\CT5B.IDX moved successfully.
C:\Users\Horst\CT5C.IDX moved successfully.
C:\Users\Horst\CT5D.IDX moved successfully.
C:\Users\Horst\CT5E.IDX moved successfully.
C:\Users\Horst\CT5F.IDX moved successfully.
C:\Users\Horst\CT60.IDX moved successfully.
C:\Users\Horst\CT61.IDX moved successfully.
C:\Users\Horst\CT62.IDX moved successfully.
C:\Users\Horst\CT63.IDX moved successfully.
C:\Users\Horst\CT64.IDX moved successfully.
C:\Users\Horst\CT65.IDX moved successfully.
C:\Users\Horst\CT66.IDX moved successfully.
C:\Users\Horst\CT67.IDX moved successfully.
C:\Users\Horst\CT68.IDX moved successfully.
C:\Users\Horst\CT69.IDX moved successfully.
C:\Users\Horst\CT6A.IDX moved successfully.
C:\Users\Horst\CT6B.IDX moved successfully.
C:\Users\Horst\CT6C.IDX moved successfully.
C:\Users\Horst\CT6D.IDX moved successfully.
C:\Users\Horst\CT6E.IDX moved successfully.
C:\Users\Horst\CT6F.IDX moved successfully.
C:\Users\Horst\CT70.IDX moved successfully.
C:\Users\Horst\CT71.IDX moved successfully.
C:\Users\Horst\CT72.IDX moved successfully.
C:\Users\Horst\CT73.IDX moved successfully.
C:\Users\Horst\CT74.IDX moved successfully.
C:\Users\Horst\CT75.IDX moved successfully.
C:\Users\Horst\CT76.IDX moved successfully.
C:\Users\Horst\CT77.IDX moved successfully.
C:\Users\Horst\CT78.IDX moved successfully.
C:\Users\Horst\CT79.IDX moved successfully.
C:\Users\Horst\CT7A.IDX moved successfully.
C:\Users\Horst\CT7B.IDX moved successfully.
C:\Users\Horst\CT7C.IDX moved successfully.
C:\Users\Horst\CT7D.IDX moved successfully.
C:\Users\Horst\CT7E.IDX moved successfully.
C:\Users\Horst\CT7F.IDX moved successfully.
C:\Users\Horst\CT80.IDX moved successfully.
C:\Users\Horst\CT81.IDX moved successfully.
C:\Users\Horst\CT82.IDX moved successfully.
C:\Users\Horst\CT83.IDX moved successfully.
C:\Users\Horst\CT84.IDX moved successfully.
C:\Users\Horst\CT85.IDX moved successfully.
C:\Users\Horst\CT86.IDX moved successfully.
C:\Users\Horst\CT87.IDX moved successfully.
C:\Users\Horst\CT88.IDX moved successfully.
C:\Users\Horst\CT89.IDX moved successfully.
C:\Users\Horst\CT8A.IDX moved successfully.
C:\Users\Horst\CT8B.IDX moved successfully.
C:\Users\Horst\CT8C.IDX moved successfully.
C:\Users\Horst\CT8D.IDX moved successfully.
C:\Users\Horst\CT8E.IDX moved successfully.
C:\Users\Horst\CT8F.IDX moved successfully.
C:\Users\Horst\CT90.IDX moved successfully.
C:\Users\Horst\CT91.IDX moved successfully.
C:\Users\Horst\CT92.IDX moved successfully.
C:\Users\Horst\CT93.IDX moved successfully.
C:\Users\Horst\CT94.IDX moved successfully.
C:\Users\Horst\CT95.IDX moved successfully.
C:\Users\Horst\CT96.IDX moved successfully.
C:\Users\Horst\CT97.IDX moved successfully.
C:\Users\Horst\CT98.IDX moved successfully.
C:\Users\Horst\CT99.IDX moved successfully.
C:\Users\Horst\CT9A.IDX moved successfully.
C:\Users\Horst\CT9B.IDX moved successfully.
C:\Users\Horst\CT9C.IDX moved successfully.
C:\Users\Horst\CT9D.IDX moved successfully.
C:\Users\Horst\CT9E.IDX moved successfully.
C:\Users\Horst\CT9F.IDX moved successfully.
C:\Users\Horst\CTA0.IDX moved successfully.
C:\Users\Horst\CTA1.IDX moved successfully.
C:\Users\Horst\CTA2.IDX moved successfully.
C:\Users\Horst\CTA3.IDX moved successfully.
C:\Users\Horst\CTA4.IDX moved successfully.
C:\Users\Horst\CTA5.IDX moved successfully.
C:\Users\Horst\CTA6.IDX moved successfully.
C:\Users\Horst\CTA7.IDX moved successfully.
C:\Users\Horst\CTA8.IDX moved successfully.
C:\Users\Horst\CTA9.IDX moved successfully.
C:\Users\Horst\CTAA.IDX moved successfully.
C:\Users\Horst\CTAB.IDX moved successfully.
C:\Users\Horst\CTAC.IDX moved successfully.
C:\Users\Horst\CTAD.IDX moved successfully.
C:\Users\Horst\CTAE.IDX moved successfully.
C:\Users\Horst\CTAF.IDX moved successfully.
C:\Users\Horst\CTB0.IDX moved successfully.
C:\Users\Horst\CTB1.IDX moved successfully.
C:\Users\Horst\CTB2.IDX moved successfully.
C:\Users\Horst\CTB3.IDX moved successfully.
C:\Users\Horst\CTB4.IDX moved successfully.
C:\Users\Horst\CTB5.IDX moved successfully.
C:\Users\Horst\CTB6.IDX moved successfully.
C:\Users\Horst\CTB7.IDX moved successfully.
C:\Users\Horst\CTB8.IDX moved successfully.
C:\Users\Horst\CTB9.IDX moved successfully.
C:\Users\Horst\CTBA.IDX moved successfully.
C:\Users\Horst\CTBB.IDX moved successfully.
C:\Users\Horst\CTBC.IDX moved successfully.
C:\Users\Horst\CTBD.IDX moved successfully.
C:\Users\Horst\CTBE.IDX moved successfully.
C:\Users\Horst\CTBF.IDX moved successfully.
C:\Users\Horst\CTC0.IDX moved successfully.
C:\Users\Horst\CTC1.IDX moved successfully.
C:\Users\Horst\CTC2.IDX moved successfully.
C:\Users\Horst\CTC3.IDX moved successfully.
C:\Users\Horst\CTC4.IDX moved successfully.
C:\Users\Horst\CTC5.IDX moved successfully.
C:\Users\Horst\CTC6.IDX moved successfully.
C:\Users\Horst\CTC7.IDX moved successfully.
C:\Users\Horst\CTC8.IDX moved successfully.
C:\Users\Horst\CTC9.IDX moved successfully.
C:\Users\Horst\CTCA.IDX moved successfully.
C:\Users\Horst\CTCB.IDX moved successfully.
C:\Users\Horst\CTCC.IDX moved successfully.
C:\Users\Horst\CTCD.IDX moved successfully.
C:\Users\Horst\CTCE.IDX moved successfully.
C:\Users\Horst\CTCF.IDX moved successfully.
C:\Users\Horst\CTD0.IDX moved successfully.
C:\Users\Horst\CTD1.IDX moved successfully.
C:\Users\Horst\CTD2.IDX moved successfully.
C:\Users\Horst\CTD3.IDX moved successfully.
C:\Users\Horst\CTD4.IDX moved successfully.
C:\Users\Horst\CTD5.IDX moved successfully.
C:\Users\Horst\CTD6.IDX moved successfully.
C:\Users\Horst\CTD7.IDX moved successfully.
C:\Users\Horst\CTD8.IDX moved successfully.
C:\Users\Horst\CTD9.IDX moved successfully.
C:\Users\Horst\CTDA.IDX moved successfully.
C:\Users\Horst\CTDB.IDX moved successfully.
C:\Users\Horst\CTDC.IDX moved successfully.
C:\Users\Horst\CTDD.IDX moved successfully.
C:\Users\Horst\CTDE.IDX moved successfully.
C:\Users\Horst\CTDF.IDX moved successfully.
C:\Users\Horst\CTE0.IDX moved successfully.
C:\Users\Horst\CTE1.IDX moved successfully.
C:\Users\Horst\CTE2.IDX moved successfully.
C:\Users\Horst\CTE3.IDX moved successfully.
C:\Users\Horst\CTE4.IDX moved successfully.
C:\Users\Horst\CTE5.IDX moved successfully.
C:\Users\Horst\CTE6.IDX moved successfully.
C:\Users\Horst\CTE7.IDX moved successfully.
C:\Users\Horst\CTE8.IDX moved successfully.
C:\Users\Horst\CTE9.IDX moved successfully.
C:\Users\Horst\CTEA.IDX moved successfully.
C:\Users\Horst\CTEB.IDX moved successfully.
C:\Users\Horst\CTEC.IDX moved successfully.
C:\Users\Horst\CTED.IDX moved successfully.
C:\Users\Horst\CTEE.IDX moved successfully.
C:\Users\Horst\CTEF.IDX moved successfully.
C:\Users\Horst\CTF0.IDX moved successfully.
C:\Users\Horst\CTF1.IDX moved successfully.
C:\Users\Horst\CTF2.IDX moved successfully.
C:\Users\Horst\CTF3.IDX moved successfully.
C:\Users\Horst\CTF4.IDX moved successfully.
C:\Users\Horst\CTF5.IDX moved successfully.
C:\Users\Horst\CTF6.IDX moved successfully.
C:\Users\Horst\CTF7.IDX moved successfully.
C:\Users\Horst\CTF8.IDX moved successfully.
C:\Users\Horst\CTF9.IDX moved successfully.
C:\Users\Horst\CTFA.IDX moved successfully.
C:\Users\Horst\CTFB.IDX moved successfully.
C:\Users\Horst\CTFC.IDX moved successfully.
C:\Users\Horst\CTFD.IDX moved successfully.
C:\Users\Horst\CTFE.IDX moved successfully.
C:\Users\Horst\CTFF.IDX moved successfully.
C:\Users\Horst\CTUC.IDX moved successfully.
C:\Users\Horst\SA00.IDX moved successfully.
C:\Users\Horst\SA01.IDX moved successfully.
C:\Users\Horst\SA02.IDX moved successfully.
C:\Users\Horst\SA03.IDX moved successfully.
C:\Users\Horst\SA04.IDX moved successfully.
C:\Users\Horst\SA05.IDX moved successfully.
C:\Users\Horst\SA06.IDX moved successfully.
C:\Users\Horst\SA07.IDX moved successfully.
C:\Users\Horst\SA08.IDX moved successfully.
C:\Users\Horst\SA09.IDX moved successfully.
C:\Users\Horst\SA0A.IDX moved successfully.
C:\Users\Horst\SA0B.IDX moved successfully.
C:\Users\Horst\SA0C.IDX moved successfully.
C:\Users\Horst\SA0D.IDX moved successfully.
C:\Users\Horst\SA0E.IDX moved successfully.
C:\Users\Horst\SA0F.IDX moved successfully.
C:\Users\Horst\SA10.IDX moved successfully.
C:\Users\Horst\SA11.IDX moved successfully.
C:\Users\Horst\SA12.IDX moved successfully.
C:\Users\Horst\SA13.IDX moved successfully.
C:\Users\Horst\SA14.IDX moved successfully.
C:\Users\Horst\SA15.IDX moved successfully.
C:\Users\Horst\SA16.IDX moved successfully.
C:\Users\Horst\SA17.IDX moved successfully.
C:\Users\Horst\SA18.IDX moved successfully.
C:\Users\Horst\SA19.IDX moved successfully.
C:\Users\Horst\SA1A.IDX moved successfully.
C:\Users\Horst\SA1B.IDX moved successfully.
C:\Users\Horst\SA1C.IDX moved successfully.
C:\Users\Horst\SA1D.IDX moved successfully.
C:\Users\Horst\SA1E.IDX moved successfully.
C:\Users\Horst\SA1F.IDX moved successfully.
C:\Users\Horst\SA20.IDX moved successfully.
C:\Users\Horst\SA21.IDX moved successfully.
C:\Users\Horst\SA22.IDX moved successfully.
C:\Users\Horst\SA23.IDX moved successfully.
C:\Users\Horst\SA24.IDX moved successfully.
C:\Users\Horst\SA25.IDX moved successfully.
C:\Users\Horst\SA26.IDX moved successfully.
C:\Users\Horst\SA27.IDX moved successfully.
C:\Users\Horst\SA28.IDX moved successfully.
C:\Users\Horst\SA29.IDX moved successfully.
C:\Users\Horst\SA2A.IDX moved successfully.
C:\Users\Horst\SA2B.IDX moved successfully.
C:\Users\Horst\SA2C.IDX moved successfully.
C:\Users\Horst\SA2D.IDX moved successfully.
C:\Users\Horst\SA2E.IDX moved successfully.
C:\Users\Horst\SA2F.IDX moved successfully.
C:\Users\Horst\SA30.IDX moved successfully.
C:\Users\Horst\SA31.IDX moved successfully.
C:\Users\Horst\SA32.IDX moved successfully.
C:\Users\Horst\SA33.IDX moved successfully.
C:\Users\Horst\SA34.IDX moved successfully.
C:\Users\Horst\SA35.IDX moved successfully.
C:\Users\Horst\SA36.IDX moved successfully.
C:\Users\Horst\SA37.IDX moved successfully.
C:\Users\Horst\SA38.IDX moved successfully.
C:\Users\Horst\SA39.IDX moved successfully.
C:\Users\Horst\SA3A.IDX moved successfully.
C:\Users\Horst\SA3B.IDX moved successfully.
C:\Users\Horst\SA3C.IDX moved successfully.
C:\Users\Horst\SA3D.IDX moved successfully.
C:\Users\Horst\SA3E.IDX moved successfully.
C:\Users\Horst\SA3F.IDX moved successfully.
C:\Users\Horst\SA40.IDX moved successfully.
C:\Users\Horst\SA41.IDX moved successfully.
C:\Users\Horst\SA42.IDX moved successfully.
C:\Users\Horst\SA43.IDX moved successfully.
C:\Users\Horst\SA44.IDX moved successfully.
C:\Users\Horst\SA45.IDX moved successfully.
C:\Users\Horst\SA46.IDX moved successfully.
C:\Users\Horst\SA47.IDX moved successfully.
C:\Users\Horst\SA48.IDX moved successfully.
C:\Users\Horst\SA49.IDX moved successfully.
C:\Users\Horst\SA4A.IDX moved successfully.
C:\Users\Horst\SA4B.IDX moved successfully.
C:\Users\Horst\SA4C.IDX moved successfully.
C:\Users\Horst\SA4D.IDX moved successfully.
C:\Users\Horst\SA4E.IDX moved successfully.
C:\Users\Horst\SA4F.IDX moved successfully.
C:\Users\Horst\SA50.IDX moved successfully.
C:\Users\Horst\SA51.IDX moved successfully.
C:\Users\Horst\SA52.IDX moved successfully.
C:\Users\Horst\SA53.IDX moved successfully.
C:\Users\Horst\SA54.IDX moved successfully.
C:\Users\Horst\SA55.IDX moved successfully.
C:\Users\Horst\SA56.IDX moved successfully.
C:\Users\Horst\SA57.IDX moved successfully.
C:\Users\Horst\SA58.IDX moved successfully.
C:\Users\Horst\SA59.IDX moved successfully.
C:\Users\Horst\SA5A.IDX moved successfully.
C:\Users\Horst\SA5B.IDX moved successfully.
C:\Users\Horst\SA5C.IDX moved successfully.
C:\Users\Horst\SA5D.IDX moved successfully.
C:\Users\Horst\SA5E.IDX moved successfully.
C:\Users\Horst\SA5F.IDX moved successfully.
C:\Users\Horst\SA60.IDX moved successfully.
C:\Users\Horst\SA61.IDX moved successfully.
C:\Users\Horst\SA62.IDX moved successfully.
C:\Users\Horst\SA63.IDX moved successfully.
C:\Users\Horst\SA64.IDX moved successfully.
C:\Users\Horst\SA65.IDX moved successfully.
C:\Users\Horst\SA66.IDX moved successfully.
C:\Users\Horst\SA67.IDX moved successfully.
C:\Users\Horst\SA68.IDX moved successfully.
C:\Users\Horst\SA69.IDX moved successfully.
C:\Users\Horst\SA6A.IDX moved successfully.
C:\Users\Horst\SA6B.IDX moved successfully.
C:\Users\Horst\SA6C.IDX moved successfully.
C:\Users\Horst\SA6D.IDX moved successfully.
C:\Users\Horst\SA6E.IDX moved successfully.
C:\Users\Horst\SA6F.IDX moved successfully.
C:\Users\Horst\SA70.IDX moved successfully.
C:\Users\Horst\SA71.IDX moved successfully.
C:\Users\Horst\SA72.IDX moved successfully.
C:\Users\Horst\SA73.IDX moved successfully.
C:\Users\Horst\SA74.IDX moved successfully.
C:\Users\Horst\SA75.IDX moved successfully.
C:\Users\Horst\SA76.IDX moved successfully.
C:\Users\Horst\SA77.IDX moved successfully.
C:\Users\Horst\SA78.IDX moved successfully.
C:\Users\Horst\SA79.IDX moved successfully.
C:\Users\Horst\SA7A.IDX moved successfully.
C:\Users\Horst\SA7B.IDX moved successfully.
C:\Users\Horst\SA7C.IDX moved successfully.
C:\Users\Horst\SA7D.IDX moved successfully.
C:\Users\Horst\SA7E.IDX moved successfully.
C:\Users\Horst\SA7F.IDX moved successfully.
C:\Users\Horst\SA80.IDX moved successfully.
C:\Users\Horst\SA81.IDX moved successfully.
C:\Users\Horst\SA82.IDX moved successfully.
C:\Users\Horst\SA83.IDX moved successfully.
C:\Users\Horst\SA84.IDX moved successfully.
C:\Users\Horst\SA85.IDX moved successfully.
C:\Users\Horst\SA86.IDX moved successfully.
C:\Users\Horst\SA87.IDX moved successfully.
C:\Users\Horst\SA88.IDX moved successfully.
C:\Users\Horst\SA89.IDX moved successfully.
C:\Users\Horst\SA8A.IDX moved successfully.
C:\Users\Horst\SA8B.IDX moved successfully.
C:\Users\Horst\SA8C.IDX moved successfully.
C:\Users\Horst\SA8D.IDX moved successfully.
C:\Users\Horst\SA8E.IDX moved successfully.
C:\Users\Horst\SA8F.IDX moved successfully.
C:\Users\Horst\SA90.IDX moved successfully.
C:\Users\Horst\SA91.IDX moved successfully.
C:\Users\Horst\SA92.IDX moved successfully.
C:\Users\Horst\SA93.IDX moved successfully.
C:\Users\Horst\SA94.IDX moved successfully.
C:\Users\Horst\SA95.IDX moved successfully.
C:\Users\Horst\SA96.IDX moved successfully.
C:\Users\Horst\SA97.IDX moved successfully.
C:\Users\Horst\SA98.IDX moved successfully.
C:\Users\Horst\SA99.IDX moved successfully.
C:\Users\Horst\SA9A.IDX moved successfully.
C:\Users\Horst\SA9B.IDX moved successfully.
C:\Users\Horst\SA9C.IDX moved successfully.
C:\Users\Horst\SA9D.IDX moved successfully.
C:\Users\Horst\SA9E.IDX moved successfully.
C:\Users\Horst\SA9F.IDX moved successfully.
C:\Users\Horst\SAA0.IDX moved successfully.
C:\Users\Horst\SAA1.IDX moved successfully.
C:\Users\Horst\SAA2.IDX moved successfully.
C:\Users\Horst\SAA3.IDX moved successfully.
C:\Users\Horst\SAA4.IDX moved successfully.
C:\Users\Horst\SAA5.IDX moved successfully.
C:\Users\Horst\SAA6.IDX moved successfully.
C:\Users\Horst\SAA7.IDX moved successfully.
C:\Users\Horst\SAA8.IDX moved successfully.
C:\Users\Horst\SAA9.IDX moved successfully.
C:\Users\Horst\SAAA.IDX moved successfully.
C:\Users\Horst\SAAB.IDX moved successfully.
C:\Users\Horst\SAAC.IDX moved successfully.
C:\Users\Horst\SAAD.IDX moved successfully.
C:\Users\Horst\SAAE.IDX moved successfully.
C:\Users\Horst\SAAF.IDX moved successfully.
C:\Users\Horst\SAB0.IDX moved successfully.
C:\Users\Horst\SAB1.IDX moved successfully.
C:\Users\Horst\SAB2.IDX moved successfully.
C:\Users\Horst\SAB3.IDX moved successfully.
C:\Users\Horst\SAB4.IDX moved successfully.
C:\Users\Horst\SAB5.IDX moved successfully.
C:\Users\Horst\SAB6.IDX moved successfully.
C:\Users\Horst\SAB7.IDX moved successfully.
C:\Users\Horst\SAB8.IDX moved successfully.
C:\Users\Horst\SAB9.IDX moved successfully.
C:\Users\Horst\SABA.IDX moved successfully.
C:\Users\Horst\SABB.IDX moved successfully.
C:\Users\Horst\SABC.IDX moved successfully.
C:\Users\Horst\SABD.IDX moved successfully.
C:\Users\Horst\SABE.IDX moved successfully.
C:\Users\Horst\SABF.IDX moved successfully.
C:\Users\Horst\SAC0.IDX moved successfully.
C:\Users\Horst\SAC1.IDX moved successfully.
C:\Users\Horst\SAC2.IDX moved successfully.
C:\Users\Horst\SAC3.IDX moved successfully.
C:\Users\Horst\SAC4.IDX moved successfully.
C:\Users\Horst\SAC5.IDX moved successfully.
C:\Users\Horst\SAC6.IDX moved successfully.
C:\Users\Horst\SAC7.IDX moved successfully.
C:\Users\Horst\SAC8.IDX moved successfully.
C:\Users\Horst\SAC9.IDX moved successfully.
C:\Users\Horst\SACA.IDX moved successfully.
C:\Users\Horst\SACB.IDX moved successfully.
C:\Users\Horst\SACC.IDX moved successfully.
C:\Users\Horst\SACD.IDX moved successfully.
C:\Users\Horst\SACE.IDX moved successfully.
C:\Users\Horst\SACF.IDX moved successfully.
C:\Users\Horst\SAD0.IDX moved successfully.
C:\Users\Horst\SAD1.IDX moved successfully.
C:\Users\Horst\SAD2.IDX moved successfully.
C:\Users\Horst\SAD3.IDX moved successfully.
C:\Users\Horst\SAD4.IDX moved successfully.
C:\Users\Horst\SAD5.IDX moved successfully.
C:\Users\Horst\SAD6.IDX moved successfully.
C:\Users\Horst\SAD7.IDX moved successfully.
C:\Users\Horst\SAD8.IDX moved successfully.
C:\Users\Horst\SAD9.IDX moved successfully.
C:\Users\Horst\SADA.IDX moved successfully.
C:\Users\Horst\SADB.IDX moved successfully.
C:\Users\Horst\SADC.IDX moved successfully.
C:\Users\Horst\SADD.IDX moved successfully.
C:\Users\Horst\SADE.IDX moved successfully.
C:\Users\Horst\SADF.IDX moved successfully.
C:\Users\Horst\SAE0.IDX moved successfully.
C:\Users\Horst\SAE1.IDX moved successfully.
C:\Users\Horst\SAE2.IDX moved successfully.
C:\Users\Horst\SAE3.IDX moved successfully.
C:\Users\Horst\SAE4.IDX moved successfully.
C:\Users\Horst\SAE5.IDX moved successfully.
C:\Users\Horst\SAE6.IDX moved successfully.
C:\Users\Horst\SAE7.IDX moved successfully.
C:\Users\Horst\SAE8.IDX moved successfully.
C:\Users\Horst\SAE9.IDX moved successfully.
C:\Users\Horst\SAEA.IDX moved successfully.
C:\Users\Horst\SAEB.IDX moved successfully.
C:\Users\Horst\SAEC.IDX moved successfully.
C:\Users\Horst\SAED.IDX moved successfully.
C:\Users\Horst\SAEE.IDX moved successfully.
C:\Users\Horst\SAEF.IDX moved successfully.
C:\Users\Horst\SAF0.IDX moved successfully.
C:\Users\Horst\SAF1.IDX moved successfully.
C:\Users\Horst\SAF2.IDX moved successfully.
C:\Users\Horst\SAF3.IDX moved successfully.
C:\Users\Horst\SAF4.IDX moved successfully.
C:\Users\Horst\SAF5.IDX moved successfully.
C:\Users\Horst\SAF6.IDX moved successfully.
C:\Users\Horst\SAF7.IDX moved successfully.
C:\Users\Horst\SAF8.IDX moved successfully.
C:\Users\Horst\SAF9.IDX moved successfully.
C:\Users\Horst\SAFA.IDX moved successfully.
C:\Users\Horst\SAFB.IDX moved successfully.
C:\Users\Horst\SAFC.IDX moved successfully.
C:\Users\Horst\SAFD.IDX moved successfully.
C:\Users\Horst\SAFE.IDX moved successfully.
C:\Users\Horst\SAFF.IDX moved successfully.
C:\Users\Horst\SAUC.IDX moved successfully.
C:\Users\Horst\ST00.IDX moved successfully.
C:\Users\Horst\ST01.IDX moved successfully.
C:\Users\Horst\ST02.IDX moved successfully.
C:\Users\Horst\ST03.IDX moved successfully.
C:\Users\Horst\ST04.IDX moved successfully.
C:\Users\Horst\ST05.IDX moved successfully.
C:\Users\Horst\ST06.IDX moved successfully.
C:\Users\Horst\ST07.IDX moved successfully.
C:\Users\Horst\ST08.IDX moved successfully.
C:\Users\Horst\ST09.IDX moved successfully.
C:\Users\Horst\ST0A.IDX moved successfully.
C:\Users\Horst\ST0B.IDX moved successfully.
C:\Users\Horst\ST0C.IDX moved successfully.
C:\Users\Horst\ST0D.IDX moved successfully.
C:\Users\Horst\ST0E.IDX moved successfully.
C:\Users\Horst\ST0F.IDX moved successfully.
C:\Users\Horst\ST10.IDX moved successfully.
C:\Users\Horst\ST11.IDX moved successfully.
C:\Users\Horst\ST12.IDX moved successfully.
C:\Users\Horst\ST13.IDX moved successfully.
C:\Users\Horst\ST14.IDX moved successfully.
C:\Users\Horst\ST15.IDX moved successfully.
C:\Users\Horst\ST16.IDX moved successfully.
C:\Users\Horst\ST17.IDX moved successfully.
C:\Users\Horst\ST18.IDX moved successfully.
C:\Users\Horst\ST19.IDX moved successfully.
C:\Users\Horst\ST1A.IDX moved successfully.
C:\Users\Horst\ST1B.IDX moved successfully.
C:\Users\Horst\ST1C.IDX moved successfully.
C:\Users\Horst\ST1D.IDX moved successfully.
C:\Users\Horst\ST1E.IDX moved successfully.
C:\Users\Horst\ST1F.IDX moved successfully.
C:\Users\Horst\ST20.IDX moved successfully.
C:\Users\Horst\ST21.IDX moved successfully.
C:\Users\Horst\ST22.IDX moved successfully.
C:\Users\Horst\ST23.IDX moved successfully.
C:\Users\Horst\ST24.IDX moved successfully.
C:\Users\Horst\ST25.IDX moved successfully.
C:\Users\Horst\ST26.IDX moved successfully.
C:\Users\Horst\ST27.IDX moved successfully.
C:\Users\Horst\ST28.IDX moved successfully.
C:\Users\Horst\ST29.IDX moved successfully.
C:\Users\Horst\ST2A.IDX moved successfully.
C:\Users\Horst\ST2B.IDX moved successfully.
C:\Users\Horst\ST2C.IDX moved successfully.
C:\Users\Horst\ST2D.IDX moved successfully.
C:\Users\Horst\ST2E.IDX moved successfully.
C:\Users\Horst\ST2F.IDX moved successfully.
C:\Users\Horst\ST30.IDX moved successfully.
C:\Users\Horst\ST31.IDX moved successfully.
C:\Users\Horst\ST32.IDX moved successfully.
C:\Users\Horst\ST33.IDX moved successfully.
C:\Users\Horst\ST34.IDX moved successfully.
C:\Users\Horst\ST35.IDX moved successfully.
C:\Users\Horst\ST36.IDX moved successfully.
C:\Users\Horst\ST37.IDX moved successfully.
C:\Users\Horst\ST38.IDX moved successfully.
C:\Users\Horst\ST39.IDX moved successfully.
C:\Users\Horst\ST3A.IDX moved successfully.
C:\Users\Horst\ST3B.IDX moved successfully.
C:\Users\Horst\ST3C.IDX moved successfully.
C:\Users\Horst\ST3D.IDX moved successfully.
C:\Users\Horst\ST3E.IDX moved successfully.
C:\Users\Horst\ST3F.IDX moved successfully.
C:\Users\Horst\ST40.IDX moved successfully.
C:\Users\Horst\ST41.IDX moved successfully.
C:\Users\Horst\ST42.IDX moved successfully.
C:\Users\Horst\ST43.IDX moved successfully.
C:\Users\Horst\ST44.IDX moved successfully.
C:\Users\Horst\ST45.IDX moved successfully.
C:\Users\Horst\ST46.IDX moved successfully.
C:\Users\Horst\ST47.IDX moved successfully.
C:\Users\Horst\ST48.IDX moved successfully.
C:\Users\Horst\ST49.IDX moved successfully.
C:\Users\Horst\ST4A.IDX moved successfully.
C:\Users\Horst\ST4B.IDX moved successfully.
C:\Users\Horst\ST4C.IDX moved successfully.
C:\Users\Horst\ST4D.IDX moved successfully.
C:\Users\Horst\ST4E.IDX moved successfully.
C:\Users\Horst\ST4F.IDX moved successfully.
C:\Users\Horst\ST50.IDX moved successfully.
C:\Users\Horst\ST51.IDX moved successfully.
C:\Users\Horst\ST52.IDX moved successfully.
C:\Users\Horst\ST53.IDX moved successfully.
C:\Users\Horst\ST54.IDX moved successfully.
C:\Users\Horst\ST55.IDX moved successfully.
C:\Users\Horst\ST56.IDX moved successfully.
C:\Users\Horst\ST57.IDX moved successfully.
C:\Users\Horst\ST58.IDX moved successfully.
C:\Users\Horst\ST59.IDX moved successfully.
C:\Users\Horst\ST5A.IDX moved successfully.
C:\Users\Horst\ST5B.IDX moved successfully.
C:\Users\Horst\ST5C.IDX moved successfully.
C:\Users\Horst\ST5D.IDX moved successfully.
C:\Users\Horst\ST5E.IDX moved successfully.
C:\Users\Horst\ST5F.IDX moved successfully.
C:\Users\Horst\ST60.IDX moved successfully.
C:\Users\Horst\ST61.IDX moved successfully.
C:\Users\Horst\ST62.IDX moved successfully.
C:\Users\Horst\ST63.IDX moved successfully.
C:\Users\Horst\ST64.IDX moved successfully.
C:\Users\Horst\ST65.IDX moved successfully.
C:\Users\Horst\ST66.IDX moved successfully.
C:\Users\Horst\ST67.IDX moved successfully.
C:\Users\Horst\ST68.IDX moved successfully.
C:\Users\Horst\ST69.IDX moved successfully.
C:\Users\Horst\ST6A.IDX moved successfully.
C:\Users\Horst\ST6B.IDX moved successfully.
C:\Users\Horst\ST6C.IDX moved successfully.
C:\Users\Horst\ST6D.IDX moved successfully.
C:\Users\Horst\ST6E.IDX moved successfully.
C:\Users\Horst\ST6F.IDX moved successfully.
C:\Users\Horst\ST70.IDX moved successfully.
C:\Users\Horst\ST71.IDX moved successfully.
C:\Users\Horst\ST72.IDX moved successfully.
C:\Users\Horst\ST73.IDX moved successfully.
C:\Users\Horst\ST74.IDX moved successfully.
C:\Users\Horst\ST75.IDX moved successfully.
C:\Users\Horst\ST76.IDX moved successfully.
C:\Users\Horst\ST77.IDX moved successfully.
C:\Users\Horst\ST78.IDX moved successfully.
C:\Users\Horst\ST79.IDX moved successfully.
C:\Users\Horst\ST7A.IDX moved successfully.
C:\Users\Horst\ST7B.IDX moved successfully.
C:\Users\Horst\ST7C.IDX moved successfully.
C:\Users\Horst\ST7D.IDX moved successfully.
C:\Users\Horst\ST7E.IDX moved successfully.
C:\Users\Horst\ST7F.IDX moved successfully.
C:\Users\Horst\ST80.IDX moved successfully.
C:\Users\Horst\ST81.IDX moved successfully.
C:\Users\Horst\ST82.IDX moved successfully.
C:\Users\Horst\ST83.IDX moved successfully.
C:\Users\Horst\ST84.IDX moved successfully.
C:\Users\Horst\ST85.IDX moved successfully.
C:\Users\Horst\ST86.IDX moved successfully.
C:\Users\Horst\ST87.IDX moved successfully.
C:\Users\Horst\ST88.IDX moved successfully.
C:\Users\Horst\ST89.IDX moved successfully.
C:\Users\Horst\ST8A.IDX moved successfully.
C:\Users\Horst\ST8B.IDX moved successfully.
C:\Users\Horst\ST8C.IDX moved successfully.
C:\Users\Horst\ST8D.IDX moved successfully.
C:\Users\Horst\ST8E.IDX moved successfully.
C:\Users\Horst\ST8F.IDX moved successfully.
C:\Users\Horst\ST90.IDX moved successfully.
C:\Users\Horst\ST91.IDX moved successfully.
C:\Users\Horst\ST92.IDX moved successfully.
C:\Users\Horst\ST93.IDX moved successfully.
C:\Users\Horst\ST94.IDX moved successfully.
C:\Users\Horst\ST95.IDX moved successfully.
C:\Users\Horst\ST96.IDX moved successfully.
C:\Users\Horst\ST97.IDX moved successfully.
C:\Users\Horst\ST98.IDX moved successfully.
C:\Users\Horst\ST99.IDX moved successfully.
C:\Users\Horst\ST9A.IDX moved successfully.
C:\Users\Horst\ST9B.IDX moved successfully.
C:\Users\Horst\ST9C.IDX moved successfully.
C:\Users\Horst\ST9D.IDX moved successfully.
C:\Users\Horst\ST9E.IDX moved successfully.
C:\Users\Horst\ST9F.IDX moved successfully.
C:\Users\Horst\STA0.IDX moved successfully.
C:\Users\Horst\STA1.IDX moved successfully.
C:\Users\Horst\STA2.IDX moved successfully.
C:\Users\Horst\STA3.IDX moved successfully.
C:\Users\Horst\STA4.IDX moved successfully.
C:\Users\Horst\STA5.IDX moved successfully.
C:\Users\Horst\STA6.IDX moved successfully.
C:\Users\Horst\STA7.IDX moved successfully.
C:\Users\Horst\STA8.IDX moved successfully.
C:\Users\Horst\STA9.IDX moved successfully.
C:\Users\Horst\STAA.IDX moved successfully.
C:\Users\Horst\STAB.IDX moved successfully.
C:\Users\Horst\STAC.IDX moved successfully.
C:\Users\Horst\STAD.IDX moved successfully.
C:\Users\Horst\STAE.IDX moved successfully.
C:\Users\Horst\STAF.IDX moved successfully.
C:\Users\Horst\STB0.IDX moved successfully.
C:\Users\Horst\STB1.IDX moved successfully.
C:\Users\Horst\STB2.IDX moved successfully.
C:\Users\Horst\STB3.IDX moved successfully.
C:\Users\Horst\STB4.IDX moved successfully.
C:\Users\Horst\STB5.IDX moved successfully.
C:\Users\Horst\STB6.IDX moved successfully.
C:\Users\Horst\STB7.IDX moved successfully.
C:\Users\Horst\STB8.IDX moved successfully.
C:\Users\Horst\STB9.IDX moved successfully.
C:\Users\Horst\STBA.IDX moved successfully.
C:\Users\Horst\STBB.IDX moved successfully.
C:\Users\Horst\STBC.IDX moved successfully.
C:\Users\Horst\STBD.IDX moved successfully.
C:\Users\Horst\STBE.IDX moved successfully.
C:\Users\Horst\STBF.IDX moved successfully.
C:\Users\Horst\STC0.IDX moved successfully.
C:\Users\Horst\STC1.IDX moved successfully.
C:\Users\Horst\STC2.IDX moved successfully.
C:\Users\Horst\STC3.IDX moved successfully.
C:\Users\Horst\STC4.IDX moved successfully.
C:\Users\Horst\STC5.IDX moved successfully.
C:\Users\Horst\STC6.IDX moved successfully.
C:\Users\Horst\STC7.IDX moved successfully.
C:\Users\Horst\STC8.IDX moved successfully.
C:\Users\Horst\STC9.IDX moved successfully.
C:\Users\Horst\STCA.IDX moved successfully.
C:\Users\Horst\STCB.IDX moved successfully.
C:\Users\Horst\STCC.IDX moved successfully.
C:\Users\Horst\STCD.IDX moved successfully.
C:\Users\Horst\STCE.IDX moved successfully.
C:\Users\Horst\STCF.IDX moved successfully.
C:\Users\Horst\STD0.IDX moved successfully.
C:\Users\Horst\STD1.IDX moved successfully.
C:\Users\Horst\STD2.IDX moved successfully.
C:\Users\Horst\STD3.IDX moved successfully.
C:\Users\Horst\STD4.IDX moved successfully.
C:\Users\Horst\STD5.IDX moved successfully.
C:\Users\Horst\STD6.IDX moved successfully.
C:\Users\Horst\STD7.IDX moved successfully.
C:\Users\Horst\STD8.IDX moved successfully.
C:\Users\Horst\STD9.IDX moved successfully.
C:\Users\Horst\STDA.IDX moved successfully.
C:\Users\Horst\STDB.IDX moved successfully.
C:\Users\Horst\STDC.IDX moved successfully.
C:\Users\Horst\STDD.IDX moved successfully.
C:\Users\Horst\STDE.IDX moved successfully.
C:\Users\Horst\STDF.IDX moved successfully.
C:\Users\Horst\STE0.IDX moved successfully.
C:\Users\Horst\STE1.IDX moved successfully.
C:\Users\Horst\STE2.IDX moved successfully.
C:\Users\Horst\STE3.IDX moved successfully.
C:\Users\Horst\STE4.IDX moved successfully.
C:\Users\Horst\STE5.IDX moved successfully.
C:\Users\Horst\STE6.IDX moved successfully.
C:\Users\Horst\STE7.IDX moved successfully.
C:\Users\Horst\STE8.IDX moved successfully.
C:\Users\Horst\STE9.IDX moved successfully.
C:\Users\Horst\STEA.IDX moved successfully.
C:\Users\Horst\STEB.IDX moved successfully.
C:\Users\Horst\STEC.IDX moved successfully.
C:\Users\Horst\STED.IDX moved successfully.
C:\Users\Horst\STEE.IDX moved successfully.
C:\Users\Horst\STEF.IDX moved successfully.
C:\Users\Horst\STF0.IDX moved successfully.
C:\Users\Horst\STF1.IDX moved successfully.
C:\Users\Horst\STF2.IDX moved successfully.
C:\Users\Horst\STF3.IDX moved successfully.
C:\Users\Horst\STF4.IDX moved successfully.
C:\Users\Horst\STF5.IDX moved successfully.
C:\Users\Horst\STF6.IDX moved successfully.
C:\Users\Horst\STF7.IDX moved successfully.
C:\Users\Horst\STF8.IDX moved successfully.
C:\Users\Horst\STF9.IDX moved successfully.
C:\Users\Horst\STFA.IDX moved successfully.
C:\Users\Horst\STFB.IDX moved successfully.
C:\Users\Horst\STFC.IDX moved successfully.
C:\Users\Horst\STFD.IDX moved successfully.
C:\Users\Horst\STFE.IDX moved successfully.
C:\Users\Horst\STFF.IDX moved successfully.
C:\Users\Horst\STUC.IDX moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Horst
->Temp folder emptied: 2956530 bytes
->Temporary Internet Files folder emptied: 48388685 bytes
->Java cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 936098 bytes
RecycleBin emptied: 121568956 bytes

Total Files Cleaned = 166,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10202012_091630

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Danke und Gruß,
Michael

Alt 20.10.2012, 14:51   #15
schrauber
/// the machine
/// TB-Ausbilder
 

GVU Trojaner / Infizierung / Logfiles - Standard

GVU Trojaner / Infizierung / Logfiles



Neues OTL log bitte, sollte nun gehen mit direkt posten. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu GVU Trojaner / Infizierung / Logfiles
.html, anhang, benötigte, folge, folgende, folgenden, gvu trojaner, infizierung, kaspersky, kaspersky windowsunlocker, logfile, logfiles, posts, schritte, troja, trojaner, vollständig, windowsunlocker, zusammen



Ähnliche Themen: GVU Trojaner / Infizierung / Logfiles


  1. Trojaner/Viren Infizierung per Post von der Telekom
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (18)
  2. BKA Trojaner aktuelle Infizierung
    Plagegeister aller Art und deren Bekämpfung - 18.03.2014 (10)
  3. Windows 7/Verdacht auf Infizierung mit BKA-Trojaner u.a.
    Log-Analyse und Auswertung - 23.12.2013 (2)
  4. GVU Trojaner Infizierung
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (14)
  5. Infizierung durch Matsnu Trojaner von Groupon
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (11)
  6. webseite mit trojaner - nach 10 sek. internet gekappt, infizierung möglich?
    Log-Analyse und Auswertung - 15.01.2013 (9)
  7. GVU Trojaner-Infizierung; dll-Fehler beim Systemstart
    Log-Analyse und Auswertung - 21.11.2012 (17)
  8. Bundespolizei Trojaner-Infizierung und Löschung.?
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (26)
  9. Infizierung mit einem Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.09.2012 (12)
  10. OTL Logfiles nach Infizierung mit GVU Trojaner ; PC jetzt sauber? Hilfe
    Log-Analyse und Auswertung - 13.08.2012 (18)
  11. Bundespolizei Trojaner-Infizierung und Löschung.?
    Log-Analyse und Auswertung - 21.07.2012 (2)
  12. OTL-Logfile-Auswertung nach GVU-Trojaner-Infizierung
    Log-Analyse und Auswertung - 09.07.2012 (2)
  13. Infizierung mit einem Windows-Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 14.06.2012 (3)
  14. Infizierung mit locked-Trojaner
    Log-Analyse und Auswertung - 12.06.2012 (31)
  15. Infizierung durch Trojaner?
    Log-Analyse und Auswertung - 21.01.2011 (46)
  16. Malware oder Trojaner infizierung
    Log-Analyse und Auswertung - 19.08.2010 (6)
  17. Was tun gegen Trojaner-Infizierung?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2006 (3)

Zum Thema GVU Trojaner / Infizierung / Logfiles - Moin zusammen, auch mich hat es leider erwischt. Der Kaspersky Windowsunlocker hatte leider keinen Erfolg. Nun habe ich die Schritte des folgenden Posts abgearbeitet: http://www.trojaner-board.de/69886-a...-beachten.html Im Anhang die Logfiles...hoffentlich vollständig - GVU Trojaner / Infizierung / Logfiles...
Archiv
Du betrachtest: GVU Trojaner / Infizierung / Logfiles auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.